last sync: 2024-Jul-26 18:17:39 UTC

Compliance controls by Policy

Id DisplayName Category Control Domain Control Name MetadataId Title PolicySet
d6545c6b-dd9d-4265-91e6-0b451e2f1c50 App Service Environment should have TLS 1.0 and 1.1 disabled App Service ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
cfaf0007-99c7-4b01-b36b-4048872ac978 Azure Synapse Analytics dedicated SQL pools should enable encryption Synapse ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
d96163de-dbe0-45ac-b803-0e9ca0f5764e Windows machines should configure Windows Defender to update protection signatures within one day Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
b3248a42-b1c1-41a4-87bc-8bad3d845589 Windows machines should enable Windows Defender Real-time protection Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
1afdc4b6-581a-45fb-b630-f1e6051e3e7a Linux virtual machines should have Azure Monitor Agent installed Monitoring ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
c02729e5-e5e7-4458-97fa-2b5ad0661f28 Windows virtual machines should have Azure Monitor Agent installed Monitoring ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center AU_ISM 1173 AU_ISM_1173 AU ISM 1173 Multi-factor authentication - 1173 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center AU_ISM 1173 AU_ISM_1173 AU ISM 1173 Multi-factor authentication - 1173 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage AU_ISM 1182 AU_ISM_1182 AU ISM 1182 Network access controls - 1182 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center AU_ISM 1182 AU_ISM_1182 AU ISM 1182 Network access controls - 1182 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center AU_ISM 1182 AU_ISM_1182 AU ISM 1182 Network access controls - 1182 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1260 AU_ISM_1260 AU ISM 1260 Database administrator accounts - 1260 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1261 AU_ISM_1261 AU ISM 1261 Database administrator accounts - 1261 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1262 AU_ISM_1262 AU ISM 1262 Database administrator accounts - 1262 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1263 AU_ISM_1263 AU ISM 1263 Database administrator accounts - 1263 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1264 AU_ISM_1264 AU ISM 1264 Database administrator accounts - 1264 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center AU_ISM 1288 AU_ISM_1288 AU ISM 1288 Antivirus scanning - 1288 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute AU_ISM 1288 AU_ISM_1288 AU ISM 1288 Antivirus scanning - 1288 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center AU_ISM 1288 AU_ISM_1288 AU ISM 1288 Antivirus scanning - 1288 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center AU_ISM 1384 AU_ISM_1384 AU ISM 1384 Multi-factor authentication - 1384 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center AU_ISM 1384 AU_ISM_1384 AU ISM 1384 Multi-factor authentication - 1384 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center AU_ISM 1384 AU_ISM_1384 AU ISM 1384 Multi-factor authentication - 1384 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service AU_ISM 1386 AU_ISM_1386 AU ISM 1386 Restriction of management traffic flows - 1386 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center AU_ISM 1386 AU_ISM_1386 AU ISM 1386 Restriction of management traffic flows - 1386 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service AU_ISM 1386 AU_ISM_1386 AU ISM 1386 Restriction of management traffic flows - 1386 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center AU_ISM 1407 AU_ISM_1407 AU ISM 1407 Operating system versions - 1407 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center AU_ISM 1407 AU_ISM_1407 AU ISM 1407 Operating system versions - 1407 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center AU_ISM 1417 AU_ISM_1417 AU ISM 1417 Antivirus software - 1417 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center AU_ISM 1417 AU_ISM_1417 AU ISM 1417 Antivirus software - 1417 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute AU_ISM 1417 AU_ISM_1417 AU ISM 1417 Antivirus software - 1417 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service AU_ISM 1424 AU_ISM_1424 AU ISM 1424 Web browser-based security controls - 1424 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL AU_ISM 1425 AU_ISM_1425 AU ISM 1425 Protecting database server contents - 1425 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center AU_ISM 1431 AU_ISM_1431 AU ISM 1431 Denial of service strategies - 1431 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center AU_ISM 1490 AU_ISM_1490 AU ISM 1490 Application control - 1490 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute AU_ISM 1511 AU_ISM_1511 AU ISM 1511 Performing backups - 1511 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL AU_ISM 1537 AU_ISM_1537 AU ISM 1537 Events to be logged - 1537 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL AU_ISM 1537 AU_ISM_1537 AU ISM 1537 Events to be logged - 1537 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring AU_ISM 1537 AU_ISM_1537 AU ISM 1537 Events to be logged - 1537 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service AU_ISM 1552 AU_ISM_1552 AU ISM 1552 Web application interactions - 1552 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service AU_ISM 1552 AU_ISM_1552 AU ISM 1552 Web application interactions - 1552 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache AU_ISM 1552 AU_ISM_1552 AU ISM 1552 Web application interactions - 1552 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center AU_ISM 380 AU_ISM_380 AU ISM 380 Operating system configuration - 380 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center AU_ISM 380 AU_ISM_380 AU ISM 380 Operating system configuration - 380 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center AU_ISM 414 AU_ISM_414 AU ISM 414 User identification - 414 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center AU_ISM 414 AU_ISM_414 AU ISM 414 User identification - 414 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center AU_ISM 414 AU_ISM_414 AU ISM 414 User identification - 414 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center AU_ISM 430 AU_ISM_430 AU ISM 430 Suspension of access to systems - 430 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center AU_ISM 430 AU_ISM_430 AU ISM 430 Suspension of access to systems - 430 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage AU_ISM 520 AU_ISM_520 AU ISM 520 Network access controls - 520 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring AU_ISM 582 AU_ISM_582 AU ISM 582 Events to be logged - 582 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring AU_ISM 582 AU_ISM_582 AU ISM 582 Events to be logged - 582 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center AU_ISM 947 AU_ISM_947 AU ISM 947 Using media for data transfers - 947 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
fd4726f4-a5fc-4540-912d-67c96fc992d5 [Preview]: Automanage Configuration Profile Assignment should be Conformant Automanage Automanage Best Practices Automanage Best Practices 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
e4953962-5ae4-43eb-bb92-d66fd5563487 [Preview]: A managed identity should be enabled on your machines Automanage Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network Azure_Security_Benchmark_v1.0 1.2 Azure_Security_Benchmark_v1.0_1.2 Azure Security Benchmark 1.2 Monitor and log the configuration and traffic of Vnets, Subnets, and NICs [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network Azure_Security_Benchmark_v1.0 1.5 Azure_Security_Benchmark_v1.0_1.5 Azure Security Benchmark 1.5 Record network packets and flow logs [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Azure_Security_Benchmark_v1.0 10.4 Azure_Security_Benchmark_v1.0_10.4 Azure Security Benchmark 10.4 Provide security incident contact details and configure alert notifications for security incidents [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7c1b1214-f927-48bf-8882-84f0af6588b1 [Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled Compute Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL Azure_Security_Benchmark_v1.0 2.5 Azure_Security_Benchmark_v1.0_2.5 Azure Security Benchmark 2.5 Configure security log storage retention [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v1.0 2.7 Azure_Security_Benchmark_v1.0_2.7 Azure Security Benchmark 2.7 Enable alerts for anomalous activity [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v1.0 2.7 Azure_Security_Benchmark_v1.0_2.7 Azure Security Benchmark 2.7 Enable alerts for anomalous activity [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center Azure_Security_Benchmark_v1.0 2.8 Azure_Security_Benchmark_v1.0_2.8 Azure Security Benchmark 2.8 Centralize anti-malware logging [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Azure_Security_Benchmark_v1.0 2.8 Azure_Security_Benchmark_v1.0_2.8 Azure Security Benchmark 2.8 Centralize anti-malware logging [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center Azure_Security_Benchmark_v1.0 2.8 Azure_Security_Benchmark_v1.0_2.8 Azure Security Benchmark 2.8 Centralize anti-malware logging [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v1.0 3.5 Azure_Security_Benchmark_v1.0_3.5 Azure Security Benchmark 3.5 Use multi-factor authentication for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v1.0 3.5 Azure_Security_Benchmark_v1.0_3.5 Azure Security Benchmark 3.5 Use multi-factor authentication for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v1.0 3.5 Azure_Security_Benchmark_v1.0_3.5 Azure Security Benchmark 3.5 Use multi-factor authentication for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric Azure_Security_Benchmark_v1.0 3.9 Azure_Security_Benchmark_v1.0_3.9 Azure Security Benchmark 3.9 Use Microsoft Entra ID [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL Azure_Security_Benchmark_v1.0 3.9 Azure_Security_Benchmark_v1.0_3.9 Azure Security Benchmark 3.9 Use Microsoft Entra ID [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v1.0 4.5 Azure_Security_Benchmark_v1.0_4.5 Azure Security Benchmark 4.5 Use an active discovery tool to identify sensitive data [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v1.0 4.5 Azure_Security_Benchmark_v1.0_4.5 Azure Security Benchmark 4.5 Use an active discovery tool to identify sensitive data [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center Azure_Security_Benchmark_v1.0 4.6 Azure_Security_Benchmark_v1.0_4.6 Azure Security Benchmark 4.6 Use Azure RBAC to control access to resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General Azure_Security_Benchmark_v1.0 4.6 Azure_Security_Benchmark_v1.0_4.6 Azure Security Benchmark 4.6 Use Azure RBAC to control access to resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
2c89a2e5-7285-40fe-afe0-ae8654b92fb2 [Deprecated]: Unattached disks should be encrypted Compute Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Azure_Security_Benchmark_v1.0 4.9 Azure_Security_Benchmark_v1.0_4.9 Azure Security Benchmark 4.9 Log and alert on changes to critical Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Azure_Security_Benchmark_v1.0 5.1 Azure_Security_Benchmark_v1.0_5.1 Azure Security Benchmark 5.1 Run automated vulnerability scanning tools [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Azure_Security_Benchmark_v1.0 5.1 Azure_Security_Benchmark_v1.0_5.1 Azure Security Benchmark 5.1 Run automated vulnerability scanning tools [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Azure_Security_Benchmark_v1.0 5.1 Azure_Security_Benchmark_v1.0_5.1 Azure Security Benchmark 5.1 Run automated vulnerability scanning tools [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center Azure_Security_Benchmark_v1.0 5.2 Azure_Security_Benchmark_v1.0_5.2 Azure Security Benchmark 5.2 Deploy automated operating system patch management solution [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center Azure_Security_Benchmark_v1.0 5.2 Azure_Security_Benchmark_v1.0_5.2 Azure Security Benchmark 5.2 Deploy automated operating system patch management solution [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Azure_Security_Benchmark_v1.0 5.3 Azure_Security_Benchmark_v1.0_5.3 Azure Security Benchmark 5.3 Deploy automated third-party software patch management solution [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center Azure_Security_Benchmark_v1.0 5.5 Azure_Security_Benchmark_v1.0_5.5 Azure Security Benchmark 5.5 Use a risk-rating process to prioritize the remediation of discovered vulnerabilities [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center Azure_Security_Benchmark_v1.0 5.5 Azure_Security_Benchmark_v1.0_5.5 Azure Security Benchmark 5.5 Use a risk-rating process to prioritize the remediation of discovered vulnerabilities [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center Azure_Security_Benchmark_v1.0 5.5 Azure_Security_Benchmark_v1.0_5.5 Azure Security Benchmark 5.5 Use a risk-rating process to prioritize the remediation of discovered vulnerabilities [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center Azure_Security_Benchmark_v1.0 5.5 Azure_Security_Benchmark_v1.0_5.5 Azure Security Benchmark 5.5 Use a risk-rating process to prioritize the remediation of discovered vulnerabilities [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center Azure_Security_Benchmark_v1.0 6.10 Azure_Security_Benchmark_v1.0_6.10 Azure Security Benchmark 6.10 Implement approved application list [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center Azure_Security_Benchmark_v1.0 6.8 Azure_Security_Benchmark_v1.0_6.8 Azure Security Benchmark 6.8 Use only approved applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage Azure_Security_Benchmark_v1.0 6.9 Azure_Security_Benchmark_v1.0_6.9 Azure Security Benchmark 6.9 Use only approved Azure services [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute Azure_Security_Benchmark_v1.0 6.9 Azure_Security_Benchmark_v1.0_6.9 Azure Security Benchmark 6.9 Use only approved Azure services [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center Azure_Security_Benchmark_v1.0 7.10 Azure_Security_Benchmark_v1.0_7.10 Azure Security Benchmark 7.10 Implement automated configuration monitoring for operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center Azure_Security_Benchmark_v1.0 7.10 Azure_Security_Benchmark_v1.0_7.10 Azure Security Benchmark 7.10 Implement automated configuration monitoring for operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center Azure_Security_Benchmark_v1.0 7.10 Azure_Security_Benchmark_v1.0_7.10 Azure Security Benchmark 7.10 Implement automated configuration monitoring for operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault Azure_Security_Benchmark_v1.0 7.11 Azure_Security_Benchmark_v1.0_7.11 Azure Security Benchmark 7.11 Manage Azure secrets securely [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Azure_Security_Benchmark_v1.0 7.12 Azure_Security_Benchmark_v1.0_7.12 Azure Security Benchmark 7.12 Manage identities securely and automatically [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Azure_Security_Benchmark_v1.0 7.12 Azure_Security_Benchmark_v1.0_7.12 Azure Security Benchmark 7.12 Manage identities securely and automatically [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center Azure_Security_Benchmark_v1.0 7.4 Azure_Security_Benchmark_v1.0_7.4 Azure Security Benchmark 7.4 Maintain secure operating system configurations [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center Azure_Security_Benchmark_v1.0 7.4 Azure_Security_Benchmark_v1.0_7.4 Azure Security Benchmark 7.4 Maintain secure operating system configurations [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center Azure_Security_Benchmark_v1.0 7.4 Azure_Security_Benchmark_v1.0_7.4 Azure Security Benchmark 7.4 Maintain secure operating system configurations [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center Azure_Security_Benchmark_v1.0 8.1 Azure_Security_Benchmark_v1.0_8.1 Azure Security Benchmark 8.1 Use centrally managed anti-malware software [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center Azure_Security_Benchmark_v1.0 8.1 Azure_Security_Benchmark_v1.0_8.1 Azure Security Benchmark 8.1 Use centrally managed anti-malware software [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Azure_Security_Benchmark_v1.0 8.3 Azure_Security_Benchmark_v1.0_8.3 Azure Security Benchmark 8.3 Ensure anti-malware software and signatures are updated [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault Azure_Security_Benchmark_v1.0 9.4 Azure_Security_Benchmark_v1.0_9.4 Azure Security Benchmark 9.4 Ensure protection of backups and customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute Azure_Security_Benchmark_v2.0 AM-3 Azure_Security_Benchmark_v2.0_AM-3 Azure Security Benchmark AM-3 Use only approved Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage Azure_Security_Benchmark_v2.0 AM-3 Azure_Security_Benchmark_v2.0_AM-3 Azure Security Benchmark AM-3 Use only approved Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center Azure_Security_Benchmark_v2.0 AM-6 Azure_Security_Benchmark_v2.0_AM-6 Azure Security Benchmark AM-6 Use only approved applications in compute resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault Azure_Security_Benchmark_v2.0 BR-4 Azure_Security_Benchmark_v2.0_BR-4 Azure Security Benchmark BR-4 Mitigate risk of lost keys [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault Azure_Security_Benchmark_v2.0 BR-4 Azure_Security_Benchmark_v2.0_BR-4 Azure Security Benchmark BR-4 Mitigate risk of lost keys [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 DP-3 Azure_Security_Benchmark_v2.0_DP-3 Azure Security Benchmark DP-3 Monitor for unauthorized transfer of sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 DP-3 Azure_Security_Benchmark_v2.0_DP-3 Azure Security Benchmark DP-3 Monitor for unauthorized transfer of sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 DP-3 Azure_Security_Benchmark_v2.0_DP-3 Azure Security Benchmark DP-3 Monitor for unauthorized transfer of sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 ES-1 Azure_Security_Benchmark_v2.0_ES-1 Azure Security Benchmark ES-1 Use Endpoint Detection and Response (EDR) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration Azure_Security_Benchmark_v2.0 ES-2 Azure_Security_Benchmark_v2.0_ES-2 Azure Security Benchmark ES-2 Use centrally managed modern anti-malware software [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center Azure_Security_Benchmark_v2.0 ES-2 Azure_Security_Benchmark_v2.0_ES-2 Azure Security Benchmark ES-2 Use centrally managed modern anti-malware software [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center Azure_Security_Benchmark_v2.0 ES-2 Azure_Security_Benchmark_v2.0_ES-2 Azure Security Benchmark ES-2 Use centrally managed modern anti-malware software [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center Azure_Security_Benchmark_v2.0 ES-3 Azure_Security_Benchmark_v2.0_ES-3 Azure Security Benchmark ES-3 Ensure anti-malware software and signatures are updated [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center Azure_Security_Benchmark_v2.0 ES-3 Azure_Security_Benchmark_v2.0_ES-3 Azure Security Benchmark ES-3 Ensure anti-malware software and signatures are updated [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Microsoft Entra ID as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Microsoft Entra ID as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Microsoft Entra ID as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Microsoft Entra ID as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Azure_Security_Benchmark_v2.0 IM-2 Azure_Security_Benchmark_v2.0_IM-2 Azure Security Benchmark IM-2 Manage application identities securely and automatically [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Azure_Security_Benchmark_v2.0 IM-2 Azure_Security_Benchmark_v2.0_IM-2 Azure Security Benchmark IM-2 Manage application identities securely and automatically [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v2.0 IM-4 Azure_Security_Benchmark_v2.0_IM-4 Azure Security Benchmark IM-4 Use strong authentication controls for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v2.0 IM-4 Azure_Security_Benchmark_v2.0_IM-4 Azure Security Benchmark IM-4 Use strong authentication controls for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v2.0 IM-4 Azure_Security_Benchmark_v2.0_IM-4 Azure Security Benchmark IM-4 Use strong authentication controls for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Azure_Security_Benchmark_v2.0 IR-2 Azure_Security_Benchmark_v2.0_IR-2 Azure Security Benchmark IR-2 Preparation - setup incident notification [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-2 Azure_Security_Benchmark_v2.0_IR-2 Azure Security Benchmark IR-2 Preparation - setup incident notification [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-2 Azure_Security_Benchmark_v2.0_IR-2 Azure Security Benchmark IR-2 Preparation - setup incident notification [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring Azure_Security_Benchmark_v2.0 LT-3 Azure_Security_Benchmark_v2.0_LT-3 Azure Security Benchmark LT-3 Enable logging for Azure network activities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring Azure_Security_Benchmark_v2.0 LT-3 Azure_Security_Benchmark_v2.0_LT-3 Azure Security Benchmark LT-3 Enable logging for Azure network activities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network Azure_Security_Benchmark_v2.0 LT-3 Azure_Security_Benchmark_v2.0_LT-3 Azure Security Benchmark LT-3 Enable logging for Azure network activities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7c1b1214-f927-48bf-8882-84f0af6588b1 [Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled Compute Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center Azure_Security_Benchmark_v2.0 LT-5 Azure_Security_Benchmark_v2.0_LT-5 Azure Security Benchmark LT-5 Centralize security log management and analysis [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring Azure_Security_Benchmark_v2.0 LT-5 Azure_Security_Benchmark_v2.0_LT-5 Azure Security Benchmark LT-5 Centralize security log management and analysis [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring Azure_Security_Benchmark_v2.0 LT-5 Azure_Security_Benchmark_v2.0_LT-5 Azure Security Benchmark LT-5 Centralize security log management and analysis [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7d092e0a-7acd-40d2-a975-dca21cae48c4 [Deprecated]: Azure Cache for Redis should reside within a virtual network Cache Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e372f825-a257-4fb8-9175-797a8a8627d6 [Deprecated]: RDP access from the Internet should be blocked Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2c89a2e5-7285-40fe-afe0-ae8654b92fab [Deprecated]: SSH access from the Internet should be blocked Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v2.0 NS-5 Azure_Security_Benchmark_v2.0_NS-5 Azure Security Benchmark NS-5 Deploy intrusion detection/intrusion prevention systems (IDS/IPS) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center Azure_Security_Benchmark_v2.0 PA-7 Azure_Security_Benchmark_v2.0_PA-7 Azure Security Benchmark PA-7 Follow just enough administration (least privilege principle) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General Azure_Security_Benchmark_v2.0 PA-7 Azure_Security_Benchmark_v2.0_PA-7 Azure Security Benchmark PA-7 Follow just enough administration (least privilege principle) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9 [Deprecated]: Custom subscription owner roles should not exist General Azure_Security_Benchmark_v2.0 PA-7 Azure_Security_Benchmark_v2.0_PA-7 Azure Security Benchmark PA-7 Follow just enough administration (least privilege principle) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center Azure_Security_Benchmark_v2.0 PV-4 Azure_Security_Benchmark_v2.0_PV-4 Azure Security Benchmark PV-4 Sustain secure configurations for compute resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center Azure_Security_Benchmark_v2.0 PV-4 Azure_Security_Benchmark_v2.0_PV-4 Azure Security Benchmark PV-4 Sustain secure configurations for compute resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center Azure_Security_Benchmark_v2.0 PV-4 Azure_Security_Benchmark_v2.0_PV-4 Azure Security Benchmark PV-4 Sustain secure configurations for compute resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5f0f936f-2f01-4bf5-b6be-d423792fa562 [Deprecated]: Azure registry container images should have vulnerabilities resolved (powered by Qualys) Security Center Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center Azure_Security_Benchmark_v2.0 PV-7 Azure_Security_Benchmark_v2.0_PV-7 Azure Security Benchmark PV-7 Rapidly and automatically remediate software vulnerabilities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center Azure_Security_Benchmark_v2.0 PV-7 Azure_Security_Benchmark_v2.0_PV-7 Azure Security Benchmark PV-7 Rapidly and automatically remediate software vulnerabilities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Azure_Security_Benchmark_v2.0 PV-7 Azure_Security_Benchmark_v2.0_PV-7 Azure Security Benchmark PV-7 Rapidly and automatically remediate software vulnerabilities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management Azure_Security_Benchmark_v3.0 AM-2 Azure_Security_Benchmark_v3.0_AM-2 Microsoft cloud security benchmark AM-2 Use only approved services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute Azure_Security_Benchmark_v3.0 AM-2 Azure_Security_Benchmark_v3.0_AM-2 Microsoft cloud security benchmark AM-2 Use only approved services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage Azure_Security_Benchmark_v3.0 AM-2 Azure_Security_Benchmark_v3.0_AM-2 Microsoft cloud security benchmark AM-2 Use only approved services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c8acafaf-3d23-44d1-9624-978ef0f8652c API endpoints that are unused should be disabled and removed from the Azure API Management service Security Center Azure_Security_Benchmark_v3.0 AM-3 Azure_Security_Benchmark_v3.0_AM-3 Microsoft cloud security benchmark AM-3 Ensure security of asset lifecycle management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center Azure_Security_Benchmark_v3.0 AM-5 Azure_Security_Benchmark_v3.0_AM-5 Microsoft cloud security benchmark AM-5 Use only approved applications in virtual machine Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center Azure_Security_Benchmark_v3.0 AM-5 Azure_Security_Benchmark_v3.0_AM-5 Microsoft cloud security benchmark AM-5 Use only approved applications in virtual machine Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-1 Azure_Security_Benchmark_v3.0_DP-1 Microsoft cloud security benchmark DP-1 Discover, classify, and label sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ee7495e7-3ba7-40b6-bfee-c29e22cc75d4 API Management APIs should use only encrypted protocols API Management Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
36f0d6bc-a253-4df8-b25b-c3a5023ff443 [Preview]: Host and VM networking should be protected on Azure Stack HCI systems Stack HCI Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ee8ca833-1583-4d24-837e-96c2af9488a4 [Preview]: Azure Stack HCI systems should have encrypted volumes Stack HCI Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault Azure_Security_Benchmark_v3.0 DP-6 Azure_Security_Benchmark_v3.0_DP-6 Microsoft cloud security benchmark DP-6 Use a secure key management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f1cc7827-022c-473e-836e-5a51cae0b249 API Management secret named values should be stored in Azure Key Vault API Management Azure_Security_Benchmark_v3.0 DP-6 Azure_Security_Benchmark_v3.0_DP-6 Microsoft cloud security benchmark DP-6 Use a secure key management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Azure_Security_Benchmark_v3.0 DP-6 Azure_Security_Benchmark_v3.0_DP-6 Microsoft cloud security benchmark DP-6 Use a secure key management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Azure_Security_Benchmark_v3.0 DP-7 Azure_Security_Benchmark_v3.0_DP-7 Microsoft cloud security benchmark DP-7 Use a secure certificate management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Azure_Security_Benchmark_v3.0 DS-6 Azure_Security_Benchmark_v3.0_DS-6 Microsoft cloud security benchmark DS-6 Enforce security of workload throughout DevOps lifecycle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Azure_Security_Benchmark_v3.0 DS-6 Azure_Security_Benchmark_v3.0_DS-6 Microsoft cloud security benchmark DS-6 Enforce security of workload throughout DevOps lifecycle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center Azure_Security_Benchmark_v3.0 DS-6 Azure_Security_Benchmark_v3.0_DS-6 Microsoft cloud security benchmark DS-6 Enforce security of workload throughout DevOps lifecycle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 ES-1 Azure_Security_Benchmark_v3.0_ES-1 Microsoft cloud security benchmark ES-1 Use Endpoint Detection and Response (EDR) Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration Azure_Security_Benchmark_v3.0 ES-2 Azure_Security_Benchmark_v3.0_ES-2 Microsoft cloud security benchmark ES-2 Use modern anti-malware software Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center Azure_Security_Benchmark_v3.0 ES-2 Azure_Security_Benchmark_v3.0_ES-2 Microsoft cloud security benchmark ES-2 Use modern anti-malware software Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2 Endpoint protection health issues should be resolved on your machines Security Center Azure_Security_Benchmark_v3.0 ES-2 Azure_Security_Benchmark_v3.0_ES-2 Microsoft cloud security benchmark ES-2 Use modern anti-malware software Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center Azure_Security_Benchmark_v3.0 ES-2 Azure_Security_Benchmark_v3.0_ES-2 Microsoft cloud security benchmark ES-2 Use modern anti-malware software Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f7c564c-0a90-4d44-b7e1-9d456cffaee8 Endpoint protection should be installed on your machines Security Center Azure_Security_Benchmark_v3.0 ES-2 Azure_Security_Benchmark_v3.0_ES-2 Microsoft cloud security benchmark ES-2 Use modern anti-malware software Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2 Endpoint protection health issues should be resolved on your machines Security Center Azure_Security_Benchmark_v3.0 ES-3 Azure_Security_Benchmark_v3.0_ES-3 Microsoft cloud security benchmark ES-3 Ensure anti-malware software and signatures are updated Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6ea81a52-5ca7-4575-9669-eaa910b7edf8 Synapse Workspaces should have Microsoft Entra-only authentication enabled Synapse Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b3a22bc9-66de-45fb-98fa-00f5df42f41a Azure SQL Database should have Microsoft Entra-only authentication enabled SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0c28c3fb-c244-42d5-a9bf-f35f2999577b Azure SQL Managed Instance should have Microsoft Entra-only authentication enabled SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Azure_Security_Benchmark_v3.0 IM-3 Azure_Security_Benchmark_v3.0_IM-3 Microsoft cloud security benchmark IM-3 Manage application identities securely and automatically Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Azure_Security_Benchmark_v3.0 IM-3 Azure_Security_Benchmark_v3.0_IM-3 Microsoft cloud security benchmark IM-3 Manage application identities securely and automatically Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Azure_Security_Benchmark_v3.0 IM-3 Azure_Security_Benchmark_v3.0_IM-3 Microsoft cloud security benchmark IM-3 Manage application identities securely and automatically Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c15dcc82-b93c-4dcb-9332-fbf121685b54 API Management calls to API backends should be authenticated API Management Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
92bb331d-ac71-416a-8c91-02f2cb734ce4 API Management calls to API backends should not bypass certificate thumbprint or name validation API Management Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v3.0 IM-6 Azure_Security_Benchmark_v3.0_IM-6 Microsoft cloud security benchmark IM-6 Use strong authentication controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration Azure_Security_Benchmark_v3.0 IM-6 Azure_Security_Benchmark_v3.0_IM-6 Microsoft cloud security benchmark IM-6 Use strong authentication controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v3.0 IM-6 Azure_Security_Benchmark_v3.0_IM-6 Microsoft cloud security benchmark IM-6 Use strong authentication controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v3.0 IM-6 Azure_Security_Benchmark_v3.0_IM-6 Microsoft cloud security benchmark IM-6 Use strong authentication controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Azure_Security_Benchmark_v3.0 IM-8 Azure_Security_Benchmark_v3.0_IM-8 Microsoft cloud security benchmark IM-8 Restrict the exposure of credential and secrets Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management Azure_Security_Benchmark_v3.0 IM-8 Azure_Security_Benchmark_v3.0_IM-8 Microsoft cloud security benchmark IM-8 Restrict the exposure of credential and secrets Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f1cc7827-022c-473e-836e-5a51cae0b249 API Management secret named values should be stored in Azure Key Vault API Management Azure_Security_Benchmark_v3.0 IM-8 Azure_Security_Benchmark_v3.0_IM-8 Microsoft cloud security benchmark IM-8 Restrict the exposure of credential and secrets Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-2 Azure_Security_Benchmark_v3.0_IR-2 Microsoft cloud security benchmark IR-2 Preparation - setup incident notification Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Azure_Security_Benchmark_v3.0 IR-2 Azure_Security_Benchmark_v3.0_IR-2 Microsoft cloud security benchmark IR-2 Preparation - setup incident notification Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-2 Azure_Security_Benchmark_v3.0_IR-2 Microsoft cloud security benchmark IR-2 Preparation - setup incident notification Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network Azure_Security_Benchmark_v3.0 IR-4 Azure_Security_Benchmark_v3.0_IR-4 Microsoft cloud security benchmark IR-4 Detection and analysis - investigate an incident Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
138ff14d-b687-4faa-a81c-898c91a87fa2 Resource logs in Azure Databricks Workspaces should be enabled Azure Databricks Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring Azure_Security_Benchmark_v3.0 LT-4 Azure_Security_Benchmark_v3.0_LT-4 Microsoft cloud security benchmark LT-4 Enable network logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring Azure_Security_Benchmark_v3.0 LT-4 Azure_Security_Benchmark_v3.0_LT-4 Microsoft cloud security benchmark LT-4 Enable network logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL Azure_Security_Benchmark_v3.0 LT-6 Azure_Security_Benchmark_v3.0_LT-6 Microsoft cloud security benchmark LT-6 Configure log storage retention Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e7849de-b939-4c50-ab48-fc6b0f5eeba2 Azure Databricks Workspaces should disable public network access Azure Databricks Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
51c1490f-3319-459c-bbbc-7f391bbed753 Azure Databricks Clusters should disable public IP Azure Databricks Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9c25c9e4-ee12-4882-afd2-11fb9d87893f Azure Databricks Workspaces should be in a virtual network Azure Databricks Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
258823f2-4595-4b52-b333-cc96192710d8 Azure Databricks Workspaces should use private link Azure Databricks Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center Azure_Security_Benchmark_v3.0 NS-5 Azure_Security_Benchmark_v3.0_NS-5 Microsoft cloud security benchmark NS-5 Deploy DDOS protection Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Azure_Security_Benchmark_v3.0 NS-6 Azure_Security_Benchmark_v3.0_NS-6 Microsoft cloud security benchmark NS-6 Deploy web application firewall Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Azure_Security_Benchmark_v3.0 NS-6 Azure_Security_Benchmark_v3.0_NS-6 Microsoft cloud security benchmark NS-6 Deploy web application firewall Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center Azure_Security_Benchmark_v3.0 NS-7 Azure_Security_Benchmark_v3.0_NS-7 Microsoft cloud security benchmark NS-7 Simplify network security configuration Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service Azure_Security_Benchmark_v3.0 NS-8 Azure_Security_Benchmark_v3.0_NS-8 Microsoft cloud security benchmark NS-8 Detect and disable insecure services and protocols Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service Azure_Security_Benchmark_v3.0 NS-8 Azure_Security_Benchmark_v3.0_NS-8 Microsoft cloud security benchmark NS-8 Detect and disable insecure services and protocols Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v3.0 PA-2 Azure_Security_Benchmark_v3.0_PA-2 Microsoft cloud security benchmark PA-2 Avoid standing access for accounts and permissions Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General Azure_Security_Benchmark_v3.0 PA-7 Azure_Security_Benchmark_v3.0_PA-7 Microsoft cloud security benchmark PA-7 Follow just enough administration (least privilege) principle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3aa03346-d8c5-4994-a5bc-7652c2a2aef1 API Management subscriptions should not be scoped to all APIs API Management Azure_Security_Benchmark_v3.0 PA-7 Azure_Security_Benchmark_v3.0_PA-7 Microsoft cloud security benchmark PA-7 Follow just enough administration (least privilege) principle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center Azure_Security_Benchmark_v3.0 PA-7 Azure_Security_Benchmark_v3.0_PA-7 Microsoft cloud security benchmark PA-7 Follow just enough administration (least privilege) principle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b741306c-968e-4b67-b916-5675e5c709f4 API Management direct management endpoint should not be enabled API Management Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
dad3a6b9-4451-492f-a95c-69efc6f3fada [Preview]: Azure Stack HCI servers should have consistently enforced application control policies Stack HCI Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5e6bf724-0154-49bc-985f-27b2e07e636b [Preview]: Azure Stack HCI servers should meet Secured-core requirements Stack HCI Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f85bf3e0-d513-442e-89c3-1784ad63382b [Preview]: System updates should be installed on your machines (powered by Update Center) Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e56962a6-4747-49cd-b67b-bf8b01975c4c Allowed locations General B.01.3 - Legal, statutory, regulatory requirements B.01.3 - Legal, statutory, regulatory requirements 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e765b5de-1225-4ba3-bd56-1ac6695af988 Allowed locations for resource groups General B.01.3 - Legal, statutory, regulatory requirements B.01.3 - Legal, statutory, regulatory requirements 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage B.09.1 - Security aspects and stages B.09.1 - Security aspects and stages 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache B.09.1 - Security aspects and stages B.09.1 - Security aspects and stages 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center B.10.2 - Security function B.10.2 - Security function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center B.10.2 - Security function B.10.2 - Security function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center B.10.3 - Organisational position B.10.3 - Organisational position 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center B.10.3 - Organisational position B.10.3 - Organisational position 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center B.10.4 - Tasks, responsibilities and powers B.10.4 - Tasks, responsibilities and powers 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center B.10.4 - Tasks, responsibilities and powers B.10.4 - Tasks, responsibilities and powers 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fb97d6e1-5c98-4743-a439-23e0977bad9e [Preview]: Boot Diagnostics should be enabled on virtual machines Automanage Boot Diagnostics Boot Diagnostics 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
496223c3-ad65-4ecd-878a-bae78737e9ed App Service apps that use Java should use a specified 'Java version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
496223c3-ad65-4ecd-878a-bae78737e9ed App Service apps that use Java should use a specified 'Java version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
496223c3-ad65-4ecd-878a-bae78737e9ed App Service apps that use Java should use a specified 'Java version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center C.05.5 - Monitored and reported C.05.5 - Monitored and reported 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center C.05.5 - Monitored and reported C.05.5 - Monitored and reported 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center C.05.5 - Monitored and reported C.05.5 - Monitored and reported 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CCCS AC-2(7) CCCS_AC-2(7) CCCS AC-2(7) Account Management | Role-Based Schemes Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CCCS AC-2(7) CCCS_AC-2(7) CCCS AC-2(7) Account Management | Role-Based Schemes Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CCCS AC-4 CCCS_AC-4 CCCS AC-4 Information Flow Enforcement Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CCCS AU-3 CCCS_AU-3 CCCS AU-3 Content of Audit Records Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CCCS AU-3 CCCS_AU-3 CCCS AU-3 Content of Audit Records Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CCCS AU-3 CCCS_AU-3 CCCS AU-3 Content of Audit Records Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center CCCS CM-11 CCCS_CM-11 CCCS CM-11 User-Installed Software Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center CCCS CM-7(5) CCCS_CM-7(5) CCCS CM-7(5) Least Functionality | Authorized Software / Whitelisting Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CCCS CP-7 CCCS_CP-7 CCCS CP-7 Alternative Processing Site Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center CCCS IA-2(1) CCCS_IA-2(1) CCCS IA-2(1) Identification and Authentication (Organizational Users) | Network Access to Privileged Accounts Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center CCCS IA-2(1) CCCS_IA-2(1) CCCS IA-2(1) Identification and Authentication (Organizational Users) | Network Access to Privileged Accounts Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS SC-28 CCCS_SC-28 CCCS SC-28 Protection of Information at Rest Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CCCS SC-28 CCCS_SC-28 CCCS SC-28 Protection of Information at Rest Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS SC-28 CCCS_SC-28 CCCS SC-28 Protection of Information at Rest Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center CCCS SC-5 CCCS_SC-5 CCCS SC-5 Denial of Service Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CCCS SC-7 CCCS_SC-7 CCCS SC-7 Boundary Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center CCCS SC-7 CCCS_SC-7 CCCS SC-7 Boundary Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CCCS SC-7 CCCS_SC-7 CCCS SC-7 Boundary Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CCCS SC-7(3) CCCS_SC-7(3) CCCS SC-7(3) Boundary Protection | Access Points Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CCCS SC-7(4) CCCS_SC-7(4) CCCS SC-7(4) Boundary Protection | External Telecommunications Services Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CCCS SI-2 CCCS_SI-2 CCCS SI-2 Flaw Remediation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center CCCS SI-2 CCCS_SI-2 CCCS SI-2 Flaw Remediation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center CCCS SI-2 CCCS_SI-2 CCCS SI-2 Flaw Remediation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center CCCS SI-2 CCCS_SI-2 CCCS SI-2 Flaw Remediation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center CCCS SI-2 CCCS_SI-2 CCCS SI-2 Flaw Remediation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center CCCS SI-3 CCCS_SI-3 CCCS SI-3 Malicious Code Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CCCS SI-3 CCCS_SI-3 CCCS SI-3 Malicious Code Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center CCCS SI-3(1) CCCS_SI-3(1) CCCS SI-3(1) Malicious Code Protection | Central Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CCCS SI-3(1) CCCS_SI-3(1) CCCS SI-3(1) Malicious Code Protection | Central Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center CIS_Azure_1.1.0 1.1 CIS_Azure_1.1.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that multi-factor authentication is enabled for all privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.1.0 1.1 CIS_Azure_1.1.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that multi-factor authentication is enabled for all privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center CIS_Azure_1.1.0 1.1 CIS_Azure_1.1.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that multi-factor authentication is enabled for all privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.10 CIS_Azure_1.1.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.10 CIS_Azure_1.1.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.10 CIS_Azure_1.1.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.11 CIS_Azure_1.1.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.11 CIS_Azure_1.1.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.11 CIS_Azure_1.1.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.1.0 1.2 CIS_Azure_1.1.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that multi-factor authentication is enabled for all non-privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center CIS_Azure_1.1.0 1.2 CIS_Azure_1.1.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that multi-factor authentication is enabled for all non-privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.1.0 1.4 CIS_Azure_1.1.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.1.0 1.4 CIS_Azure_1.1.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.1.0 1.4 CIS_Azure_1.1.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.9 CIS_Azure_1.1.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.9 CIS_Azure_1.1.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.9 CIS_Azure_1.1.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Azure_1.1.0 2.10 CIS_Azure_1.1.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure ASC Default policy setting "Monitor Vulnerability Assessment" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.1.0 2.12 CIS_Azure_1.1.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure ASC Default policy setting "Monitor JIT Network Access" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CIS_Azure_1.1.0 2.12 CIS_Azure_1.1.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure ASC Default policy setting "Monitor JIT Network Access" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center CIS_Azure_1.1.0 2.13 CIS_Azure_1.1.0_2.13 CIS Microsoft Azure Foundations Benchmark recommendation 2.13 Ensure ASC Default policy setting "Monitor Adaptive Application Whitelisting" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_1.1.0 2.16 CIS_Azure_1.1.0_2.16 CIS Microsoft Azure Foundations Benchmark recommendation 2.16 Ensure that 'Security contact emails' is set CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_1.1.0 2.18 CIS_Azure_1.1.0_2.18 CIS Microsoft Azure Foundations Benchmark recommendation 2.18 Ensure that 'Send email notification for high severity alerts' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CIS_Azure_1.1.0 2.19 CIS_Azure_1.1.0_2.19 CIS Microsoft Azure Foundations Benchmark recommendation 2.19 Ensure that 'Send email also to subscription owners' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center CIS_Azure_1.1.0 2.2 CIS_Azure_1.1.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.1.0 2.2 CIS_Azure_1.1.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.1.0 2.2 CIS_Azure_1.1.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center CIS_Azure_1.1.0 2.3 CIS_Azure_1.1.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure ASC Default policy setting "Monitor System Updates" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 2.3 CIS_Azure_1.1.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure ASC Default policy setting "Monitor System Updates" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center CIS_Azure_1.1.0 2.4 CIS_Azure_1.1.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 2.4 CIS_Azure_1.1.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.1.0 2.4 CIS_Azure_1.1.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center CIS_Azure_1.1.0 2.7 CIS_Azure_1.1.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure ASC Default policy setting "Monitor Network Security Groups" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 2.7 CIS_Azure_1.1.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure ASC Default policy setting "Monitor Network Security Groups" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 2.7 CIS_Azure_1.1.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure ASC Default policy setting "Monitor Network Security Groups" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 2.8 CIS_Azure_1.1.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure ASC Default policy setting "Monitor Web Application Firewall" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 2.8 CIS_Azure_1.1.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure ASC Default policy setting "Monitor Web Application Firewall" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CIS_Azure_1.1.0 2.9 CIS_Azure_1.1.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CIS_Azure_1.1.0 2.9 CIS_Azure_1.1.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 2.9 CIS_Azure_1.1.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 2.9 CIS_Azure_1.1.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 3.1 CIS_Azure_1.1.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 3.1 CIS_Azure_1.1.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_1.1.0 3.1 CIS_Azure_1.1.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 3.1 CIS_Azure_1.1.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance CIS_Azure_1.1.0 3.4 CIS_Azure_1.1.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance CIS_Azure_1.1.0 3.4 CIS_Azure_1.1.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.1.0 3.4 CIS_Azure_1.1.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 3.5 CIS_Azure_1.1.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that shared access signature tokens are allowed only over https CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 3.5 CIS_Azure_1.1.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that shared access signature tokens are allowed only over https CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 3.5 CIS_Azure_1.1.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that shared access signature tokens are allowed only over https CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Azure_1.1.0 3.7 CIS_Azure_1.1.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure default network access rule for Storage Accounts is set to deny CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 4.11 CIS_Azure_1.1.0_4.11 CIS Microsoft Azure Foundations Benchmark recommendation 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 4.11 CIS_Azure_1.1.0_4.11 CIS Microsoft Azure Foundations Benchmark recommendation 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 4.11 CIS_Azure_1.1.0_4.11 CIS Microsoft Azure Foundations Benchmark recommendation 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CIS_Azure_1.1.0 4.11 CIS_Azure_1.1.0_4.11 CIS Microsoft Azure Foundations Benchmark recommendation 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 4.13 CIS_Azure_1.1.0_4.13 CIS Microsoft Azure Foundations Benchmark recommendation 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 4.13 CIS_Azure_1.1.0_4.13 CIS Microsoft Azure Foundations Benchmark recommendation 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 4.13 CIS_Azure_1.1.0_4.13 CIS Microsoft Azure Foundations Benchmark recommendation 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_1.1.0 4.13 CIS_Azure_1.1.0_4.13 CIS Microsoft Azure Foundations Benchmark recommendation 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.16 CIS_Azure_1.1.0_4.16 CIS Microsoft Azure Foundations Benchmark recommendation 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.16 CIS_Azure_1.1.0_4.16 CIS Microsoft Azure Foundations Benchmark recommendation 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.16 CIS_Azure_1.1.0_4.16 CIS Microsoft Azure Foundations Benchmark recommendation 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.16 CIS_Azure_1.1.0_4.16 CIS Microsoft Azure Foundations Benchmark recommendation 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 4.18 CIS_Azure_1.1.0_4.18 CIS Microsoft Azure Foundations Benchmark recommendation 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 4.18 CIS_Azure_1.1.0_4.18 CIS Microsoft Azure Foundations Benchmark recommendation 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 4.18 CIS_Azure_1.1.0_4.18 CIS Microsoft Azure Foundations Benchmark recommendation 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 4.18 CIS_Azure_1.1.0_4.18 CIS Microsoft Azure Foundations Benchmark recommendation 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 4.19 CIS_Azure_1.1.0_4.19 CIS Microsoft Azure Foundations Benchmark recommendation 4.19 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 4.19 CIS_Azure_1.1.0_4.19 CIS Microsoft Azure Foundations Benchmark recommendation 4.19 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 4.19 CIS_Azure_1.1.0_4.19 CIS Microsoft Azure Foundations Benchmark recommendation 4.19 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 4.19 CIS_Azure_1.1.0_4.19 CIS Microsoft Azure Foundations Benchmark recommendation 4.19 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CIS_Azure_1.1.0 4.4 CIS_Azure_1.1.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that 'Advanced Data Security' on a SQL server is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 4.4 CIS_Azure_1.1.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that 'Advanced Data Security' on a SQL server is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Azure_1.1.0 4.4 CIS_Azure_1.1.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that 'Advanced Data Security' on a SQL server is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 4.5 CIS_Azure_1.1.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that 'Threat Detection types' is set to 'All' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 4.6 CIS_Azure_1.1.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure that 'Send alerts to' is set CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 4.6 CIS_Azure_1.1.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure that 'Send alerts to' is set CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 4.6 CIS_Azure_1.1.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure that 'Send alerts to' is set CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 4.7 CIS_Azure_1.1.0_4.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.7 Ensure that 'Email service and co-administrators' is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 4.7 CIS_Azure_1.1.0_4.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.7 Ensure that 'Email service and co-administrators' is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 4.7 CIS_Azure_1.1.0_4.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.7 Ensure that 'Email service and co-administrators' is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 5.1.2 CIS_Azure_1.1.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure that Activity Log Retention is set 365 days or greater CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Azure_1.1.0 5.1.2 CIS_Azure_1.1.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure that Activity Log Retention is set 365 days or greater CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 5.1.2 CIS_Azure_1.1.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure that Activity Log Retention is set 365 days or greater CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 5.1.2 CIS_Azure_1.1.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure that Activity Log Retention is set 365 days or greater CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.1.0 5.1.5 CIS_Azure_1.1.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CIS_Azure_1.1.0 5.1.5 CIS_Azure_1.1.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.1.0 5.1.5 CIS_Azure_1.1.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.1.0 5.1.6 CIS_Azure_1.1.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.1.0 5.1.6 CIS_Azure_1.1.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance CIS_Azure_1.1.0 5.1.6 CIS_Azure_1.1.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring CIS_Azure_1.1.0 5.1.6 CIS_Azure_1.1.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.1 CIS_Azure_1.1.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.1 CIS_Azure_1.1.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.1.0 5.2.1 CIS_Azure_1.1.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.1 CIS_Azure_1.1.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.2 CIS_Azure_1.1.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.2 CIS_Azure_1.1.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.2 CIS_Azure_1.1.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.2 CIS_Azure_1.1.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.3 CIS_Azure_1.1.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.3 CIS_Azure_1.1.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.3 CIS_Azure_1.1.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.3 CIS_Azure_1.1.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.4 CIS_Azure_1.1.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.4 CIS_Azure_1.1.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.4 CIS_Azure_1.1.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.4 CIS_Azure_1.1.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.5 CIS_Azure_1.1.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.5 CIS_Azure_1.1.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.5 CIS_Azure_1.1.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.5 CIS_Azure_1.1.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.1.0 5.2.6 CIS_Azure_1.1.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.6 CIS_Azure_1.1.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.6 CIS_Azure_1.1.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.6 CIS_Azure_1.1.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.7 CIS_Azure_1.1.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.7 CIS_Azure_1.1.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.7 CIS_Azure_1.1.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.1.0 5.2.7 CIS_Azure_1.1.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.8 CIS_Azure_1.1.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.8 CIS_Azure_1.1.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.8 CIS_Azure_1.1.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.8 CIS_Azure_1.1.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.9 CIS_Azure_1.1.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.9 CIS_Azure_1.1.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.9 CIS_Azure_1.1.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.1.0 5.2.9 CIS_Azure_1.1.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 6.3 CIS_Azure_1.1.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 6.3 CIS_Azure_1.1.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 6.4 CIS_Azure_1.1.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 6.4 CIS_Azure_1.1.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 6.4 CIS_Azure_1.1.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CIS_Azure_1.1.0 6.5 CIS_Azure_1.1.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance CIS_Azure_1.1.0 6.5 CIS_Azure_1.1.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 7.1 CIS_Azure_1.1.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure that 'OS disk' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 7.1 CIS_Azure_1.1.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure that 'OS disk' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 7.1 CIS_Azure_1.1.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure that 'OS disk' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 7.1 CIS_Azure_1.1.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure that 'OS disk' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 7.2 CIS_Azure_1.1.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'Data disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 7.2 CIS_Azure_1.1.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'Data disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 7.2 CIS_Azure_1.1.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'Data disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 7.2 CIS_Azure_1.1.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'Data disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 7.3 CIS_Azure_1.1.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 7.3 CIS_Azure_1.1.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 7.3 CIS_Azure_1.1.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 7.3 CIS_Azure_1.1.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CIS_Azure_1.1.0 7.4 CIS_Azure_1.1.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that only approved extensions are installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 7.5 CIS_Azure_1.1.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center CIS_Azure_1.1.0 7.5 CIS_Azure_1.1.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 8.3 CIS_Azure_1.1.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that Resource Locks are set for mission critical Azure resources CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.1.0 8.4 CIS_Azure_1.1.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault CIS_Azure_1.1.0 8.4 CIS_Azure_1.1.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Azure_1.1.0 8.4 CIS_Azure_1.1.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_1.1.0 9.10 CIS_Azure_1.1.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_1.1.0 9.10 CIS_Azure_1.1.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.10 CIS_Azure_1.1.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_1.1.0 9.2 CIS_Azure_1.1.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 9.2 CIS_Azure_1.1.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 9.2 CIS_Azure_1.1.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 9.2 CIS_Azure_1.1.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_1.1.0 9.4 CIS_Azure_1.1.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CIS_Azure_1.1.0 9.4 CIS_Azure_1.1.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.1.0 9.4 CIS_Azure_1.1.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.6 CIS_Azure_1.1.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure that '.Net Framework' version is the latest, if used as a part of the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.7 CIS_Azure_1.1.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'PHP version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.8 CIS_Azure_1.1.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Python version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.9 CIS_Azure_1.1.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'Java version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center CIS_Azure_1.3.0 1.1 CIS_Azure_1.3.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that multi-factor authentication is enabled for all privileged users CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.1 CIS_Azure_1.3.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that multi-factor authentication is enabled for all privileged users CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center CIS_Azure_1.3.0 1.1 CIS_Azure_1.3.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that multi-factor authentication is enabled for all privileged users CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.10 CIS_Azure_1.3.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.10 CIS_Azure_1.3.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.10 CIS_Azure_1.3.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.11 CIS_Azure_1.3.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.11 CIS_Azure_1.3.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.11 CIS_Azure_1.3.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.16 CIS_Azure_1.3.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.16 CIS_Azure_1.3.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.16 CIS_Azure_1.3.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.16 CIS_Azure_1.3.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.17 CIS_Azure_1.3.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.17 CIS_Azure_1.3.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.17 CIS_Azure_1.3.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.17 CIS_Azure_1.3.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.18 CIS_Azure_1.3.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.18 CIS_Azure_1.3.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.18 CIS_Azure_1.3.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.18 CIS_Azure_1.3.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.19 CIS_Azure_1.3.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.19 CIS_Azure_1.3.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.19 CIS_Azure_1.3.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.19 CIS_Azure_1.3.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.2 CIS_Azure_1.3.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that multi-factor authentication is enabled for all non-privileged users CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center CIS_Azure_1.3.0 1.2 CIS_Azure_1.3.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that multi-factor authentication is enabled for all non-privileged users CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.23 CIS_Azure_1.3.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure Custom Role is assigned for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.23 CIS_Azure_1.3.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure Custom Role is assigned for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.23 CIS_Azure_1.3.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure Custom Role is assigned for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.23 CIS_Azure_1.3.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure Custom Role is assigned for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.4 CIS_Azure_1.3.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.3.0 1.4 CIS_Azure_1.3.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.3.0 1.4 CIS_Azure_1.3.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 1.6 CIS_Azure_1.3.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 1.6 CIS_Azure_1.3.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 1.6 CIS_Azure_1.3.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 1.6 CIS_Azure_1.3.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.9 CIS_Azure_1.3.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.9 CIS_Azure_1.3.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.9 CIS_Azure_1.3.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.3.0 2.11 CIS_Azure_1.3.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center CIS_Azure_1.3.0 2.11 CIS_Azure_1.3.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.3.0 2.11 CIS_Azure_1.3.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_1.3.0 2.13 CIS_Azure_1.3.0_2.13 CIS Microsoft Azure Foundations Benchmark recommendation 2.13 Ensure 'Additional email addresses' is configured with a security contact email CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_1.3.0 2.14 CIS_Azure_1.3.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure that 'Notify about alerts with the following severity' is set to 'High' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_1.3.0 3.1 CIS_Azure_1.3.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 3.1 CIS_Azure_1.3.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 3.1 CIS_Azure_1.3.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 3.1 CIS_Azure_1.3.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance CIS_Azure_1.3.0 3.4 CIS_Azure_1.3.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.3.0 3.4 CIS_Azure_1.3.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance CIS_Azure_1.3.0 3.4 CIS_Azure_1.3.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Azure_1.3.0 3.6 CIS_Azure_1.3.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure default network access rule for Storage Accounts is set to deny CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CIS_Azure_1.3.0 3.6 CIS_Azure_1.3.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure default network access rule for Storage Accounts is set to deny CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Azure_1.3.0 4.2.1 CIS_Azure_1.3.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CIS_Azure_1.3.0 4.2.1 CIS_Azure_1.3.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 4.2.1 CIS_Azure_1.3.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Azure_1.3.0 4.2.2 CIS_Azure_1.3.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 4.2.2 CIS_Azure_1.3.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_1.3.0 4.2.2 CIS_Azure_1.3.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 4.2.2 CIS_Azure_1.3.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 4.2.3 CIS_Azure_1.3.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 4.2.3 CIS_Azure_1.3.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_1.3.0 4.2.4 CIS_Azure_1.3.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting Send scan reports to is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 4.2.4 CIS_Azure_1.3.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting Send scan reports to is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 4.2.4 CIS_Azure_1.3.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting Send scan reports to is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_1.3.0 4.2.5 CIS_Azure_1.3.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 4.2.5 CIS_Azure_1.3.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 4.2.5 CIS_Azure_1.3.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_1.3.0 4.3.1 CIS_Azure_1.3.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 4.3.1 CIS_Azure_1.3.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 4.3.1 CIS_Azure_1.3.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 4.3.1 CIS_Azure_1.3.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 4.3.2 CIS_Azure_1.3.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 4.3.2 CIS_Azure_1.3.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CIS_Azure_1.3.0 4.3.2 CIS_Azure_1.3.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 4.3.2 CIS_Azure_1.3.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.3.0 4.3.7 CIS_Azure_1.3.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.3.0 4.3.7 CIS_Azure_1.3.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.3.0 4.3.7 CIS_Azure_1.3.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.3.0 4.3.7 CIS_Azure_1.3.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 5.1.1 CIS_Azure_1.3.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a 'Diagnostics Setting' exists CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CIS_Azure_1.3.0 5.1.3 CIS_Azure_1.3.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.3.0 5.1.3 CIS_Azure_1.3.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.3.0 5.1.3 CIS_Azure_1.3.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring CIS_Azure_1.3.0 5.1.4 CIS_Azure_1.3.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance CIS_Azure_1.3.0 5.1.4 CIS_Azure_1.3.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.3.0 5.1.4 CIS_Azure_1.3.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.3.0 5.1.4 CIS_Azure_1.3.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.3.0 5.2.1 CIS_Azure_1.3.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.1 CIS_Azure_1.3.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.1 CIS_Azure_1.3.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.1 CIS_Azure_1.3.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.2 CIS_Azure_1.3.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.3.0 5.2.2 CIS_Azure_1.3.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.2 CIS_Azure_1.3.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.2 CIS_Azure_1.3.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.3 CIS_Azure_1.3.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.3 CIS_Azure_1.3.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.3 CIS_Azure_1.3.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.3 CIS_Azure_1.3.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.4 CIS_Azure_1.3.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.4 CIS_Azure_1.3.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.4 CIS_Azure_1.3.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.4 CIS_Azure_1.3.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.5 CIS_Azure_1.3.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.5 CIS_Azure_1.3.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.5 CIS_Azure_1.3.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.5 CIS_Azure_1.3.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.6 CIS_Azure_1.3.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.6 CIS_Azure_1.3.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.6 CIS_Azure_1.3.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.6 CIS_Azure_1.3.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.3.0 5.2.7 CIS_Azure_1.3.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.7 CIS_Azure_1.3.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.7 CIS_Azure_1.3.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.7 CIS_Azure_1.3.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.8 CIS_Azure_1.3.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.8 CIS_Azure_1.3.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.8 CIS_Azure_1.3.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.3.0 5.2.8 CIS_Azure_1.3.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.9 CIS_Azure_1.3.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.9 CIS_Azure_1.3.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.9 CIS_Azure_1.3.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.9 CIS_Azure_1.3.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.3.0 6.3 CIS_Azure_1.3.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.3.0 6.3 CIS_Azure_1.3.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.3.0 6.4 CIS_Azure_1.3.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.3.0 6.4 CIS_Azure_1.3.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.3.0 6.4 CIS_Azure_1.3.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CIS_Azure_1.3.0 6.5 CIS_Azure_1.3.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance CIS_Azure_1.3.0 6.5 CIS_Azure_1.3.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance CIS_Azure_1.3.0 7.1 CIS_Azure_1.3.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance CIS_Azure_1.3.0 7.1 CIS_Azure_1.3.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance CIS_Azure_1.3.0 7.1 CIS_Azure_1.3.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CIS_Azure_1.3.0 7.1 CIS_Azure_1.3.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 7.2 CIS_Azure_1.3.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 7.2 CIS_Azure_1.3.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 7.2 CIS_Azure_1.3.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 7.2 CIS_Azure_1.3.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 7.3 CIS_Azure_1.3.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 7.3 CIS_Azure_1.3.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 7.3 CIS_Azure_1.3.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 7.3 CIS_Azure_1.3.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CIS_Azure_1.3.0 7.4 CIS_Azure_1.3.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that only approved extensions are installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 7.5 CIS_Azure_1.3.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center CIS_Azure_1.3.0 7.5 CIS_Azure_1.3.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 7.7 CIS_Azure_1.3.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are encrypted CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 7.7 CIS_Azure_1.3.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are encrypted CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 7.7 CIS_Azure_1.3.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are encrypted CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 7.7 CIS_Azure_1.3.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are encrypted CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 8.3 CIS_Azure_1.3.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that Resource Locks are set for mission critical Azure resources CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Azure_1.3.0 8.4 CIS_Azure_1.3.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.3.0 8.4 CIS_Azure_1.3.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 9.2 CIS_Azure_1.3.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 9.2 CIS_Azure_1.3.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_1.3.0 9.2 CIS_Azure_1.3.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 9.2 CIS_Azure_1.3.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CIS_Azure_1.3.0 9.4 CIS_Azure_1.3.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.3.0 9.4 CIS_Azure_1.3.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_1.3.0 9.4 CIS_Azure_1.3.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 9.6 CIS_Azure_1.3.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure that 'PHP version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 9.7 CIS_Azure_1.3.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 9.8 CIS_Azure_1.3.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_1.3.0 9.9 CIS_Azure_1.3.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 9.9 CIS_Azure_1.3.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_1.3.0 9.9 CIS_Azure_1.3.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center CIS_Azure_1.4.0 1.1 CIS_Azure_1.4.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center CIS_Azure_1.4.0 1.1 CIS_Azure_1.4.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.1 CIS_Azure_1.4.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.10 CIS_Azure_1.4.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.10 CIS_Azure_1.4.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.10 CIS_Azure_1.4.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.11 CIS_Azure_1.4.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.11 CIS_Azure_1.4.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.11 CIS_Azure_1.4.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.15 CIS_Azure_1.4.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.15 CIS_Azure_1.4.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.15 CIS_Azure_1.4.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.15 CIS_Azure_1.4.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.16 CIS_Azure_1.4.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.16 CIS_Azure_1.4.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.16 CIS_Azure_1.4.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.16 CIS_Azure_1.4.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.17 CIS_Azure_1.4.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.17 CIS_Azure_1.4.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.17 CIS_Azure_1.4.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.17 CIS_Azure_1.4.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.18 CIS_Azure_1.4.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.18 CIS_Azure_1.4.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.18 CIS_Azure_1.4.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.18 CIS_Azure_1.4.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center CIS_Azure_1.4.0 1.2 CIS_Azure_1.4.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.2 CIS_Azure_1.4.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.22 CIS_Azure_1.4.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.22 CIS_Azure_1.4.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.22 CIS_Azure_1.4.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.22 CIS_Azure_1.4.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.4.0 1.4 CIS_Azure_1.4.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.4 CIS_Azure_1.4.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.4.0 1.4 CIS_Azure_1.4.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 1.6 CIS_Azure_1.4.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 1.6 CIS_Azure_1.4.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 1.6 CIS_Azure_1.4.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 1.6 CIS_Azure_1.4.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.9 CIS_Azure_1.4.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.9 CIS_Azure_1.4.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.9 CIS_Azure_1.4.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.4.0 2.11 CIS_Azure_1.4.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure That Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.4.0 2.11 CIS_Azure_1.4.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure That Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center CIS_Azure_1.4.0 2.11 CIS_Azure_1.4.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure That Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_1.4.0 2.13 CIS_Azure_1.4.0_2.13 CIS Microsoft Azure Foundations Benchmark recommendation 2.13 Ensure 'Additional email addresses' is Configured with a Security Contact Email CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_1.4.0 2.14 CIS_Azure_1.4.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure That 'Notify about alerts with the following severity' is Set to 'High' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_1.4.0 3.1 CIS_Azure_1.4.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 3.1 CIS_Azure_1.4.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 3.1 CIS_Azure_1.4.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 3.1 CIS_Azure_1.4.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 3.12 CIS_Azure_1.4.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure the "Minimum TLS version" is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 3.12 CIS_Azure_1.4.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure the "Minimum TLS version" is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 3.12 CIS_Azure_1.4.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure the "Minimum TLS version" is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance CIS_Azure_1.4.0 3.4 CIS_Azure_1.4.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance CIS_Azure_1.4.0 3.4 CIS_Azure_1.4.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.4.0 3.4 CIS_Azure_1.4.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CIS_Azure_1.4.0 3.6 CIS_Azure_1.4.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure Default Network Access Rule for Storage Accounts is Set to Deny CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Azure_1.4.0 3.6 CIS_Azure_1.4.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure Default Network Access Rule for Storage Accounts is Set to Deny CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 4.2.1 CIS_Azure_1.4.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Azure_1.4.0 4.2.1 CIS_Azure_1.4.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CIS_Azure_1.4.0 4.2.1 CIS_Azure_1.4.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 4.2.2 CIS_Azure_1.4.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 4.2.2 CIS_Azure_1.4.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_1.4.0 4.2.2 CIS_Azure_1.4.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Azure_1.4.0 4.2.2 CIS_Azure_1.4.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 4.2.3 CIS_Azure_1.4.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that VA setting 'Periodic recurring scans' to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 4.2.3 CIS_Azure_1.4.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that VA setting 'Periodic recurring scans' to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 4.2.4 CIS_Azure_1.4.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 4.2.4 CIS_Azure_1.4.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_1.4.0 4.2.4 CIS_Azure_1.4.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 4.2.5 CIS_Azure_1.4.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 4.2.5 CIS_Azure_1.4.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_1.4.0 4.2.5 CIS_Azure_1.4.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 4.3.1 CIS_Azure_1.4.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_1.4.0 4.3.1 CIS_Azure_1.4.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.3.1 CIS_Azure_1.4.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 4.3.1 CIS_Azure_1.4.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.4.0 4.3.6 CIS_Azure_1.4.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.4.0 4.3.6 CIS_Azure_1.4.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.4.0 4.3.6 CIS_Azure_1.4.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.4.0 4.3.6 CIS_Azure_1.4.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.3.8 CIS_Azure_1.4.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 4.3.8 CIS_Azure_1.4.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 4.3.8 CIS_Azure_1.4.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 4.3.8 CIS_Azure_1.4.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 4.4.1 CIS_Azure_1.4.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.4.1 CIS_Azure_1.4.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 4.4.1 CIS_Azure_1.4.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.4.2 CIS_Azure_1.4.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 4.4.2 CIS_Azure_1.4.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 4.4.2 CIS_Azure_1.4.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 5.1.1 CIS_Azure_1.4.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a 'Diagnostics Setting' exists CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.4.0 5.1.3 CIS_Azure_1.4.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.4.0 5.1.3 CIS_Azure_1.4.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CIS_Azure_1.4.0 5.1.3 CIS_Azure_1.4.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance CIS_Azure_1.4.0 5.1.4 CIS_Azure_1.4.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring CIS_Azure_1.4.0 5.1.4 CIS_Azure_1.4.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.4.0 5.1.4 CIS_Azure_1.4.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.4.0 5.1.4 CIS_Azure_1.4.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.1 CIS_Azure_1.4.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.1 CIS_Azure_1.4.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.4.0 5.2.1 CIS_Azure_1.4.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.1 CIS_Azure_1.4.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.2 CIS_Azure_1.4.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.2 CIS_Azure_1.4.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.4.0 5.2.2 CIS_Azure_1.4.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.2 CIS_Azure_1.4.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.3 CIS_Azure_1.4.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.3 CIS_Azure_1.4.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.3 CIS_Azure_1.4.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.3 CIS_Azure_1.4.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.4 CIS_Azure_1.4.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.4 CIS_Azure_1.4.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.4 CIS_Azure_1.4.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.4 CIS_Azure_1.4.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.5 CIS_Azure_1.4.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.5 CIS_Azure_1.4.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.5 CIS_Azure_1.4.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.5 CIS_Azure_1.4.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.6 CIS_Azure_1.4.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.6 CIS_Azure_1.4.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.6 CIS_Azure_1.4.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.6 CIS_Azure_1.4.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.7 CIS_Azure_1.4.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.7 CIS_Azure_1.4.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.4.0 5.2.7 CIS_Azure_1.4.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.7 CIS_Azure_1.4.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.8 CIS_Azure_1.4.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.8 CIS_Azure_1.4.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.4.0 5.2.8 CIS_Azure_1.4.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.8 CIS_Azure_1.4.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.9 CIS_Azure_1.4.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.9 CIS_Azure_1.4.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.9 CIS_Azure_1.4.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.9 CIS_Azure_1.4.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.4.0 6.3 CIS_Azure_1.4.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.4.0 6.3 CIS_Azure_1.4.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.4.0 6.4 CIS_Azure_1.4.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.4.0 6.4 CIS_Azure_1.4.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.4.0 6.4 CIS_Azure_1.4.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance CIS_Azure_1.4.0 6.5 CIS_Azure_1.4.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CIS_Azure_1.4.0 6.5 CIS_Azure_1.4.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance CIS_Azure_1.4.0 7.1 CIS_Azure_1.4.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CIS_Azure_1.4.0 7.1 CIS_Azure_1.4.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance CIS_Azure_1.4.0 7.1 CIS_Azure_1.4.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance CIS_Azure_1.4.0 7.1 CIS_Azure_1.4.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 7.2 CIS_Azure_1.4.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 7.2 CIS_Azure_1.4.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 7.2 CIS_Azure_1.4.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 7.2 CIS_Azure_1.4.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 7.3 CIS_Azure_1.4.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 7.3 CIS_Azure_1.4.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 7.3 CIS_Azure_1.4.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 7.3 CIS_Azure_1.4.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CIS_Azure_1.4.0 7.4 CIS_Azure_1.4.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that Only Approved Extensions Are Installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center CIS_Azure_1.4.0 7.5 CIS_Azure_1.4.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 7.5 CIS_Azure_1.4.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 7.7 CIS_Azure_1.4.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are Encrypted CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 7.7 CIS_Azure_1.4.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are Encrypted CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 7.7 CIS_Azure_1.4.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are Encrypted CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 7.7 CIS_Azure_1.4.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are Encrypted CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 8.5 CIS_Azure_1.4.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Ensure that Resource Locks are set for Mission Critical Azure Resources CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Azure_1.4.0 8.6 CIS_Azure_1.4.0_8.6 CIS Microsoft Azure Foundations Benchmark recommendation 8.6 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.4.0 8.6 CIS_Azure_1.4.0_8.6 CIS Microsoft Azure Foundations Benchmark recommendation 8.6 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_1.4.0 9.2 CIS_Azure_1.4.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 9.2 CIS_Azure_1.4.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 9.2 CIS_Azure_1.4.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 9.2 CIS_Azure_1.4.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CIS_Azure_1.4.0 9.4 CIS_Azure_1.4.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_1.4.0 9.4 CIS_Azure_1.4.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.4.0 9.4 CIS_Azure_1.4.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 9.6 CIS_Azure_1.4.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure That 'PHP version' is the Latest, If Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 9.7 CIS_Azure_1.4.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 9.8 CIS_Azure_1.4.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 9.9 CIS_Azure_1.4.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_1.4.0 9.9 CIS_Azure_1.4.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_1.4.0 9.9 CIS_Azure_1.4.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.1.2 CIS_Azure_2.0.0_1.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center CIS_Azure_2.0.0 1.1.2 CIS_Azure_2.0.0_1.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center CIS_Azure_2.0.0 1.1.2 CIS_Azure_2.0.0_1.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center CIS_Azure_2.0.0 1.1.3 CIS_Azure_2.0.0_1.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.1.3 CIS_Azure_2.0.0_1.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_2.0.0 1.1.4 CIS_Azure_2.0.0_1.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_2.0.0 1.1.4 CIS_Azure_2.0.0_1.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.1.4 CIS_Azure_2.0.0_1.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.11 CIS_Azure_2.0.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure `User consent for applications` is set to `Do not allow user consent` CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.11 CIS_Azure_2.0.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure `User consent for applications` is set to `Do not allow user consent` CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.11 CIS_Azure_2.0.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure `User consent for applications` is set to `Do not allow user consent` CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.13 CIS_Azure_2.0.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.13 CIS_Azure_2.0.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.13 CIS_Azure_2.0.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.14 CIS_Azure_2.0.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Users Can Register Applications' Is Set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.14 CIS_Azure_2.0.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Users Can Register Applications' Is Set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.14 CIS_Azure_2.0.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Users Can Register Applications' Is Set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.18 CIS_Azure_2.0.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.18 CIS_Azure_2.0.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.18 CIS_Azure_2.0.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.18 CIS_Azure_2.0.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.19 CIS_Azure_2.0.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.19 CIS_Azure_2.0.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.19 CIS_Azure_2.0.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.19 CIS_Azure_2.0.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.20 CIS_Azure_2.0.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.20 CIS_Azure_2.0.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.20 CIS_Azure_2.0.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.20 CIS_Azure_2.0.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.21 CIS_Azure_2.0.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.21 CIS_Azure_2.0.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.21 CIS_Azure_2.0.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.21 CIS_Azure_2.0.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.24 CIS_Azure_2.0.0_1.24 CIS Microsoft Azure Foundations Benchmark recommendation 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.24 CIS_Azure_2.0.0_1.24 CIS Microsoft Azure Foundations Benchmark recommendation 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.24 CIS_Azure_2.0.0_1.24 CIS Microsoft Azure Foundations Benchmark recommendation 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.24 CIS_Azure_2.0.0_1.24 CIS Microsoft Azure Foundations Benchmark recommendation 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 1.8 CIS_Azure_2.0.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 1.8 CIS_Azure_2.0.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 1.8 CIS_Azure_2.0.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 1.8 CIS_Azure_2.0.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 10.1 CIS_Azure_2.0.0_10.1 CIS Microsoft Azure Foundations Benchmark recommendation 10.1 Ensure that Resource Locks are set for Mission-Critical Azure Resources CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bdc59948-5574-49b3-bb91-76b7c986428d [Deprecated]: Azure Defender for DNS should be enabled Security Center CIS_Azure_2.0.0 2.1.11 CIS_Azure_2.0.0_2.1.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.11 Ensure That Microsoft Defender for DNS Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CIS_Azure_2.0.0 2.1.12 CIS_Azure_2.0.0_2.1.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.12 Ensure That Microsoft Defender for Resource Manager Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CIS_Azure_2.0.0 2.1.13 CIS_Azure_2.0.0_2.1.13 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.13 Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_2.0.0 2.1.15 CIS_Azure_2.0.0_2.1.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.15 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_2.0.0 2.1.15 CIS_Azure_2.0.0_2.1.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.15 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center CIS_Azure_2.0.0 2.1.15 CIS_Azure_2.0.0_2.1.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.15 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_2.0.0 2.1.19 CIS_Azure_2.0.0_2.1.19 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.19 Ensure 'Additional email addresses' is Configured with a Security Contact Email CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_2.0.0 2.1.20 CIS_Azure_2.0.0_2.1.20 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.20 Ensure That 'Notify about alerts with the following severity' is Set to 'High' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_2.0.0 2.1.3 CIS_Azure_2.0.0_2.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_2.0.0 2.1.3 CIS_Azure_2.0.0_2.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Azure_2.0.0 2.1.3 CIS_Azure_2.0.0_2.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Azure_2.0.0 2.1.3 CIS_Azure_2.0.0_2.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Azure_2.0.0 2.1.6 CIS_Azure_2.0.0_2.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.6 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Azure_2.0.0 2.1.9 CIS_Azure_2.0.0_2.1.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.9 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 3.1 CIS_Azure_2.0.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 3.1 CIS_Azure_2.0.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 3.1 CIS_Azure_2.0.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_2.0.0 3.1 CIS_Azure_2.0.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CIS_Azure_2.0.0 3.10 CIS_Azure_2.0.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Private Endpoints are used to access Storage Accounts CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage CIS_Azure_2.0.0 3.2 CIS_Azure_2.0.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that ‘Enable Infrastructure Encryption’ for Each Storage Account in Azure Storage is Set to ‘enabled’ CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_2.0.0 3.6 CIS_Azure_2.0.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance CIS_Azure_2.0.0 3.6 CIS_Azure_2.0.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance CIS_Azure_2.0.0 3.6 CIS_Azure_2.0.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CIS_Azure_2.0.0 3.8 CIS_Azure_2.0.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure Default Network Access Rule for Storage Accounts is Set to Deny CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Azure_2.0.0 3.8 CIS_Azure_2.0.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure Default Network Access Rule for Storage Accounts is Set to Deny CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_2.0.0 4.1.2 CIS_Azure_2.0.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CIS_Azure_2.0.0 4.1.2 CIS_Azure_2.0.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_2.0.0 4.1.2 CIS_Azure_2.0.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CIS_Azure_2.0.0 4.2.1 CIS_Azure_2.0.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Azure_2.0.0 4.2.1 CIS_Azure_2.0.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 4.2.1 CIS_Azure_2.0.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 4.2.2 CIS_Azure_2.0.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 4.2.2 CIS_Azure_2.0.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_2.0.0 4.2.2 CIS_Azure_2.0.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Azure_2.0.0 4.2.2 CIS_Azure_2.0.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Azure_2.0.0 4.2.3 CIS_Azure_2.0.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 4.2.3 CIS_Azure_2.0.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 4.2.3 CIS_Azure_2.0.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 4.2.4 CIS_Azure_2.0.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_2.0.0 4.2.4 CIS_Azure_2.0.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_2.0.0 4.2.4 CIS_Azure_2.0.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 4.2.4 CIS_Azure_2.0.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.3.1 CIS_Azure_2.0.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 4.3.1 CIS_Azure_2.0.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_2.0.0 4.3.1 CIS_Azure_2.0.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 4.3.1 CIS_Azure_2.0.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_2.0.0 4.3.6 CIS_Azure_2.0.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_2.0.0 4.3.6 CIS_Azure_2.0.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_2.0.0 4.3.6 CIS_Azure_2.0.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_2.0.0 4.3.6 CIS_Azure_2.0.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 4.4.1 CIS_Azure_2.0.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 4.4.1 CIS_Azure_2.0.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CIS_Azure_2.0.0 4.4.1 CIS_Azure_2.0.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.4.1 CIS_Azure_2.0.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 4.4.2 CIS_Azure_2.0.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.4.2 CIS_Azure_2.0.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 4.4.2 CIS_Azure_2.0.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CIS_Azure_2.0.0 4.5.1 CIS_Azure_2.0.0_4.5.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.5.1 Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CIS_Azure_2.0.0 4.5.2 CIS_Azure_2.0.0_4.5.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.5.2 Ensure That Private Endpoints Are Used Where Possible CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Azure_2.0.0 4.5.3 CIS_Azure_2.0.0_4.5.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.5.3 Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 5.1.1 CIS_Azure_2.0.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a 'Diagnostic Setting' exists CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_2.0.0 5.1.3 CIS_Azure_2.0.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_2.0.0 5.1.3 CIS_Azure_2.0.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CIS_Azure_2.0.0 5.1.3 CIS_Azure_2.0.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance CIS_Azure_2.0.0 5.1.4 CIS_Azure_2.0.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring CIS_Azure_2.0.0 5.1.4 CIS_Azure_2.0.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_2.0.0 5.1.4 CIS_Azure_2.0.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_2.0.0 5.1.4 CIS_Azure_2.0.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Azure_2.0.0 5.1.6 CIS_Azure_2.0.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Azure_2.0.0 5.1.6 CIS_Azure_2.0.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network CIS_Azure_2.0.0 5.1.6 CIS_Azure_2.0.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.1 CIS_Azure_2.0.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.1 CIS_Azure_2.0.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.1 CIS_Azure_2.0.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_2.0.0 5.2.1 CIS_Azure_2.0.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.2 CIS_Azure_2.0.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.2 CIS_Azure_2.0.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_2.0.0 5.2.2 CIS_Azure_2.0.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.2 CIS_Azure_2.0.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.3 CIS_Azure_2.0.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.3 CIS_Azure_2.0.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.3 CIS_Azure_2.0.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.3 CIS_Azure_2.0.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.4 CIS_Azure_2.0.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.4 CIS_Azure_2.0.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.4 CIS_Azure_2.0.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.4 CIS_Azure_2.0.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.5 CIS_Azure_2.0.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.5 CIS_Azure_2.0.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.5 CIS_Azure_2.0.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.5 CIS_Azure_2.0.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.6 CIS_Azure_2.0.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.6 CIS_Azure_2.0.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.6 CIS_Azure_2.0.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.6 CIS_Azure_2.0.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.7 CIS_Azure_2.0.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.7 CIS_Azure_2.0.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.7 CIS_Azure_2.0.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.7 CIS_Azure_2.0.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.8 CIS_Azure_2.0.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.8 CIS_Azure_2.0.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.8 CIS_Azure_2.0.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.8 CIS_Azure_2.0.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CIS_Azure_2.0.0 6.1 CIS_Azure_2.0.0_6.1 CIS Microsoft Azure Foundations Benchmark recommendation 6.1 Ensure that RDP access from the Internet is evaluated and restricted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CIS_Azure_2.0.0 6.2 CIS_Azure_2.0.0_6.2 CIS Microsoft Azure Foundations Benchmark recommendation 6.2 Ensure that SSH access from the Internet is evaluated and restricted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_2.0.0 6.5 CIS_Azure_2.0.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_2.0.0 6.5 CIS_Azure_2.0.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_2.0.0 6.5 CIS_Azure_2.0.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance CIS_Azure_2.0.0 6.6 CIS_Azure_2.0.0_6.6 CIS Microsoft Azure Foundations Benchmark recommendation 6.6 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CIS_Azure_2.0.0 6.6 CIS_Azure_2.0.0_6.6 CIS Microsoft Azure Foundations Benchmark recommendation 6.6 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance CIS_Azure_2.0.0 7.2 CIS_Azure_2.0.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CIS_Azure_2.0.0 7.2 CIS_Azure_2.0.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance CIS_Azure_2.0.0 7.2 CIS_Azure_2.0.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance CIS_Azure_2.0.0 7.2 CIS_Azure_2.0.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 7.3 CIS_Azure_2.0.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 7.3 CIS_Azure_2.0.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 7.3 CIS_Azure_2.0.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 7.3 CIS_Azure_2.0.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CIS_Azure_2.0.0 7.5 CIS_Azure_2.0.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that Only Approved Extensions Are Installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1f7c564c-0a90-4d44-b7e1-9d456cffaee8 Endpoint protection should be installed on your machines Security Center CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 7.7 CIS_Azure_2.0.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 [Legacy] Ensure that VHDs are Encrypted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 7.7 CIS_Azure_2.0.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 [Legacy] Ensure that VHDs are Encrypted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 7.7 CIS_Azure_2.0.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 [Legacy] Ensure that VHDs are Encrypted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 7.7 CIS_Azure_2.0.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 [Legacy] Ensure that VHDs are Encrypted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault CIS_Azure_2.0.0 8.5 CIS_Azure_2.0.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Ensure the Key Vault is Recoverable CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Azure_2.0.0 8.5 CIS_Azure_2.0.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Ensure the Key Vault is Recoverable CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault CIS_Azure_2.0.0 8.6 CIS_Azure_2.0.0_8.6 CIS Microsoft Azure Foundations Benchmark recommendation 8.6 Enable Role Based Access Control for Azure Key Vault CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CIS_Azure_2.0.0 8.7 CIS_Azure_2.0.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Ensure that Private Endpoints are Used for Azure Key Vault CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CIS_Azure_2.0.0 8.8 CIS_Azure_2.0.0_8.8 CIS Microsoft Azure Foundations Benchmark recommendation 8.8 Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 9.2 CIS_Azure_2.0.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_2.0.0 9.2 CIS_Azure_2.0.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 9.2 CIS_Azure_2.0.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 9.2 CIS_Azure_2.0.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_2.0.0 9.4 CIS_Azure_2.0.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5bb220d9-2698-4ee4-8404-b9c30c9df609 [Deprecated]: App Service apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_2.0.0 9.4 CIS_Azure_2.0.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_2.0.0 9.4 CIS_Azure_2.0.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f466b2a6-823d-470d-8ea5-b031e72d79ae App Service app slots that use PHP should use a specified 'PHP version' App Service CIS_Azure_2.0.0 9.6 CIS_Azure_2.0.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure That 'PHP version' is the Latest, If Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service CIS_Azure_2.0.0 9.6 CIS_Azure_2.0.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure That 'PHP version' is the Latest, If Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 9.6 CIS_Azure_2.0.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure That 'PHP version' is the Latest, If Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c014953-ef68-4a98-82af-fd0f6b2306c8 App Service app slots that use Python should use a specified 'Python version' App Service CIS_Azure_2.0.0 9.7 CIS_Azure_2.0.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 9.7 CIS_Azure_2.0.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service CIS_Azure_2.0.0 9.7 CIS_Azure_2.0.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 9.8 CIS_Azure_2.0.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e1d1b522-02b0-4d18-a04f-5ab62d20445f Function app slots that use Java should use a specified 'Java version' App Service CIS_Azure_2.0.0 9.8 CIS_Azure_2.0.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service CIS_Azure_2.0.0 9.8 CIS_Azure_2.0.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 9.9 CIS_Azure_2.0.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_2.0.0 9.9 CIS_Azure_2.0.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_2.0.0 9.9 CIS_Azure_2.0.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_2.0_L2 AC.L1-3.1.1 CMMC_2.0_L2_AC.L1-3.1.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General CMMC_2.0_L2 AC.L1-3.1.2 CMMC_2.0_L2_AC.L1-3.1.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 AC.L2-3.1.12 CMMC_2.0_L2_AC.L2-3.1.12 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 AC.L2-3.1.13 CMMC_2.0_L2_AC.L2-3.1.13 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 AC.L2-3.1.14 CMMC_2.0_L2_AC.L2-3.1.14 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 AC.L2-3.1.3 CMMC_2.0_L2_AC.L2-3.1.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center CMMC_2.0_L2 AC.L2-3.1.4 CMMC_2.0_L2_AC.L2-3.1.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_2.0_L2 AC.L2-3.1.5 CMMC_2.0_L2_AC.L2-3.1.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General CMMC_2.0_L2 AC.L2-3.1.5 CMMC_2.0_L2_AC.L2-3.1.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CMMC_2.0_L2 AC.L2-3.1.5 CMMC_2.0_L2_AC.L2-3.1.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CMMC_2.0_L2 AU.L2-3.3.1 CMMC_2.0_L2_AU.L2-3.3.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CMMC_2.0_L2 AU.L2-3.3.2 CMMC_2.0_L2_AU.L2-3.3.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.4 CMMC_2.0_L2_AU.L2-3.3.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 AU.L2-3.3.5 CMMC_2.0_L2_AU.L2-3.3.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CMMC_2.0_L2 CM.L2-3.4.1 CMMC_2.0_L2_CM.L2-3.4.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_2.0_L2 CM.L2-3.4.2 CMMC_2.0_L2_CM.L2-3.4.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center CMMC_2.0_L2 CM.L2-3.4.6 CMMC_2.0_L2_CM.L2-3.4.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 CM.L2-3.4.6 CMMC_2.0_L2_CM.L2-3.4.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center CMMC_2.0_L2 CM.L2-3.4.6 CMMC_2.0_L2_CM.L2-3.4.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center CMMC_2.0_L2 CM.L2-3.4.7 CMMC_2.0_L2_CM.L2-3.4.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center CMMC_2.0_L2 CM.L2-3.4.7 CMMC_2.0_L2_CM.L2-3.4.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center CMMC_2.0_L2 CM.L2-3.4.8 CMMC_2.0_L2_CM.L2-3.4.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center CMMC_2.0_L2 CM.L2-3.4.8 CMMC_2.0_L2_CM.L2-3.4.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center CMMC_2.0_L2 CM.L2-3.4.9 CMMC_2.0_L2_CM.L2-3.4.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center CMMC_2.0_L2 CM.L2-3.4.9 CMMC_2.0_L2_CM.L2-3.4.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CMMC_2.0_L2 IA.L1-3.5.1 CMMC_2.0_L2_IA.L1-3.5.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_2.0_L2 IA.L1-3.5.1 CMMC_2.0_L2_IA.L1-3.5.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services CMMC_2.0_L2 IA.L1-3.5.1 CMMC_2.0_L2_IA.L1-3.5.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_2.0_L2 IA.L1-3.5.1 CMMC_2.0_L2_IA.L1-3.5.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CMMC_2.0_L2 IA.L1-3.5.1 CMMC_2.0_L2_IA.L1-3.5.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CMMC_2.0_L2 IA.L1-3.5.2 CMMC_2.0_L2_IA.L1-3.5.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 IA.L2-3.5.10 CMMC_2.0_L2_IA.L2-3.5.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center CMMC_2.0_L2 IA.L2-3.5.3 CMMC_2.0_L2_IA.L2-3.5.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center CMMC_2.0_L2 IA.L2-3.5.3 CMMC_2.0_L2_IA.L2-3.5.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center CMMC_2.0_L2 IA.L2-3.5.3 CMMC_2.0_L2_IA.L2-3.5.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_2.0_L2 IA.L2-3.5.4 CMMC_2.0_L2_IA.L2-3.5.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CMMC_2.0_L2 IA.L2-3.5.5 CMMC_2.0_L2_IA.L2-3.5.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_2.0_L2 IA.L2-3.5.5 CMMC_2.0_L2_IA.L2-3.5.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services CMMC_2.0_L2 IA.L2-3.5.5 CMMC_2.0_L2_IA.L2-3.5.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_2.0_L2 IA.L2-3.5.5 CMMC_2.0_L2_IA.L2-3.5.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CMMC_2.0_L2 IA.L2-3.5.5 CMMC_2.0_L2_IA.L2-3.5.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CMMC_2.0_L2 IA.L2-3.5.6 CMMC_2.0_L2_IA.L2-3.5.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center CMMC_2.0_L2 IA.L2-3.5.6 CMMC_2.0_L2_IA.L2-3.5.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CMMC_2.0_L2 IA.L2-3.5.6 CMMC_2.0_L2_IA.L2-3.5.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services CMMC_2.0_L2 IA.L2-3.5.6 CMMC_2.0_L2_IA.L2-3.5.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_2.0_L2 IA.L2-3.5.6 CMMC_2.0_L2_IA.L2-3.5.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CMMC_2.0_L2 IA.L2-3.5.6 CMMC_2.0_L2_IA.L2-3.5.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 IA.L2-3.5.7 CMMC_2.0_L2_IA.L2-3.5.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 IA.L2-3.5.7 CMMC_2.0_L2_IA.L2-3.5.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 IA.L2-3.5.7 CMMC_2.0_L2_IA.L2-3.5.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration CMMC_2.0_L2 IA.L2-3.5.7 CMMC_2.0_L2_IA.L2-3.5.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CMMC_2.0_L2 IA.L2-3.5.7 CMMC_2.0_L2_IA.L2-3.5.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration CMMC_2.0_L2 IA.L2-3.5.8 CMMC_2.0_L2_IA.L2-3.5.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 IA.L2-3.5.8 CMMC_2.0_L2_IA.L2-3.5.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 IA.L2-3.5.8 CMMC_2.0_L2_IA.L2-3.5.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 IA.L2-3.5.8 CMMC_2.0_L2_IA.L2-3.5.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_2.0_L2 IR.L2-3.6.2 CMMC_2.0_L2_IR.L2-3.6.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CMMC_2.0_L2 IR.L2-3.6.2 CMMC_2.0_L2_IR.L2-3.6.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CMMC_2.0_L2 IR.L2-3.6.2 CMMC_2.0_L2_IR.L2-3.6.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL CMMC_2.0_L2 MP.L2-3.8.9 CMMC_2.0_L2_MP.L2-3.8.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL CMMC_2.0_L2 MP.L2-3.8.9 CMMC_2.0_L2_MP.L2-3.8.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CMMC_2.0_L2 MP.L2-3.8.9 CMMC_2.0_L2_MP.L2-3.8.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault CMMC_2.0_L2 MP.L2-3.8.9 CMMC_2.0_L2_MP.L2-3.8.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup CMMC_2.0_L2 MP.L2-3.8.9 CMMC_2.0_L2_MP.L2-3.8.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL CMMC_2.0_L2 MP.L2-3.8.9 CMMC_2.0_L2_MP.L2-3.8.9 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.2 CMMC_2.0_L2_RA.L2-3.11.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 RA.L2-3.11.3 CMMC_2.0_L2_RA.L2-3.11.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search CMMC_2.0_L2 SC.L1-3.13.1 CMMC_2.0_L2_SC.L1-3.13.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 SC.L1-3.13.5 CMMC_2.0_L2_SC.L1-3.13.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cee51871-e572-4576-855c-047c820360f0 Certificates using RSA cryptography should have the specified minimum key size Key Vault CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CMMC_2.0_L2 SC.L2-3.13.11 CMMC_2.0_L2_SC.L2-3.13.11 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault CMMC_2.0_L2 SC.L2-3.13.11 CMMC_2.0_L2_SC.L2-3.13.11 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cee51871-e572-4576-855c-047c820360f0 Certificates using RSA cryptography should have the specified minimum key size Key Vault CMMC_2.0_L2 SC.L2-3.13.11 CMMC_2.0_L2_SC.L2-3.13.11 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CMMC_2.0_L2 SC.L2-3.13.11 CMMC_2.0_L2_SC.L2-3.13.11 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_2.0_L2 SC.L2-3.13.16 CMMC_2.0_L2_SC.L2-3.13.16 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid CMMC_2.0_L2 SC.L2-3.13.2 CMMC_2.0_L2_SC.L2-3.13.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CMMC_2.0_L2 SC.L2-3.13.6 CMMC_2.0_L2_SC.L2-3.13.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_2.0_L2 SC.L2-3.13.8 CMMC_2.0_L2_SC.L2-3.13.8 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.1 CMMC_2.0_L2_SI.L1-3.14.1 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_2.0_L2 SI.L1-3.14.2 CMMC_2.0_L2_SI.L1-3.14.2 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CMMC_2.0_L2 SI.L1-3.14.4 CMMC_2.0_L2_SI.L1-3.14.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center CMMC_2.0_L2 SI.L1-3.14.4 CMMC_2.0_L2_SI.L1-3.14.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration CMMC_2.0_L2 SI.L1-3.14.4 CMMC_2.0_L2_SI.L1-3.14.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_2.0_L2 SI.L1-3.14.4 CMMC_2.0_L2_SI.L1-3.14.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_2.0_L2 SI.L1-3.14.4 CMMC_2.0_L2_SI.L1-3.14.4 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration CMMC_2.0_L2 SI.L1-3.14.5 CMMC_2.0_L2_SI.L1-3.14.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center CMMC_2.0_L2 SI.L1-3.14.5 CMMC_2.0_L2_SI.L1-3.14.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CMMC_2.0_L2 SI.L1-3.14.5 CMMC_2.0_L2_SI.L1-3.14.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_2.0_L2 SI.L1-3.14.5 CMMC_2.0_L2_SI.L1-3.14.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_2.0_L2 SI.L1-3.14.5 CMMC_2.0_L2_SI.L1-3.14.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 SI.L1-3.14.5 CMMC_2.0_L2_SI.L1-3.14.5 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.3 CMMC_2.0_L2_SI.L2-3.14.3 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_2.0_L2 SI.L2-3.14.6 CMMC_2.0_L2_SI.L2-3.14.6 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_2.0_L2 SI.L2-3.14.7 CMMC_2.0_L2_SI.L2-3.14.7 404 not found [Preview]: CMMC 2.0 Level 2 (4e50fd13-098b-3206-61d6-d1d78205cb45)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CMMC_L3 AC.1.001 CMMC_L3_AC.1.001 CMMC L3 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 AC.1.002 CMMC_L3_AC.1.002 CMMC L3 AC.1.002 Limit information system access to the types of transactions and functions that authorized users are permitted to execute. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center CMMC_L3 AC.1.003 CMMC_L3_AC.1.003 CMMC L3 AC.1.003 Verify and control/limit connections to and use of external information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 AC.1.003 CMMC_L3_AC.1.003 CMMC L3 AC.1.003 Verify and control/limit connections to and use of external information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_L3 AC.1.003 CMMC_L3_AC.1.003 CMMC L3 AC.1.003 Verify and control/limit connections to and use of external information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CMMC_L3 AC.2.007 CMMC_L3_AC.2.007 CMMC L3 AC.2.007 Employ the principle of least privilege, including for specific security functions and privileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_L3 AC.2.007 CMMC_L3_AC.2.007 CMMC L3 AC.2.007 Employ the principle of least privilege, including for specific security functions and privileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 AC.2.007 CMMC_L3_AC.2.007 CMMC L3 AC.2.007 Employ the principle of least privilege, including for specific security functions and privileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CMMC_L3 AC.2.007 CMMC_L3_AC.2.007 CMMC L3 AC.2.007 Employ the principle of least privilege, including for specific security functions and privileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CMMC_L3 AC.2.008 CMMC_L3_AC.2.008 CMMC L3 AC.2.008 Use non-privileged accounts or roles when accessing nonsecurity functions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CMMC_L3 AC.2.008 CMMC_L3_AC.2.008 CMMC L3 AC.2.008 Use non-privileged accounts or roles when accessing nonsecurity functions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_L3 AC.2.013 CMMC_L3_AC.2.013 CMMC L3 AC.2.013 Monitor and control remote access sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L3 AC.2.016 CMMC_L3_AC.2.016 CMMC L3 AC.2.016 Control the flow of CUI in accordance with approved authorizations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CMMC_L3 AC.3.017 CMMC_L3_AC.3.017 CMMC L3 AC.3.017 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center CMMC_L3 AC.3.017 CMMC_L3_AC.3.017 CMMC L3 AC.3.017 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CMMC_L3 AC.3.017 CMMC_L3_AC.3.017 CMMC L3 AC.3.017 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CMMC_L3 AC.3.017 CMMC_L3_AC.3.017 CMMC L3 AC.3.017 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 AC.3.018 CMMC_L3_AC.3.018 CMMC L3 AC.3.018 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General CMMC_L3 AC.3.018 CMMC_L3_AC.3.018 CMMC L3 AC.3.018 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CMMC_L3 AC.3.018 CMMC_L3_AC.3.018 CMMC L3 AC.3.018 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CMMC_L3 AC.3.021 CMMC_L3_AC.3.021 CMMC L3 AC.3.021 Authorize remote execution of privileged commands and remote access to security-relevant information. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 AU.2.041 CMMC_L3_AU.2.041 CMMC L3 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CMMC_L3 AU.2.042 CMMC_L3_AU.2.042 CMMC L3 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L3 AU.3.046 CMMC_L3_AU.3.046 CMMC L3 AU.3.046 Alert in the event of an audit logging process failure. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CMMC_L3 AU.3.048 CMMC_L3_AU.3.048 CMMC L3 AU.3.048 Collect audit information (e.g., logs) into one or more central repositories. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CMMC_L3 AU.3.049 CMMC_L3_AU.3.049 CMMC L3 AU.3.049 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 AU.3.049 CMMC_L3_AU.3.049 CMMC L3 AU.3.049 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_L3 CA.2.158 CMMC_L3_CA.2.158 CMMC L3 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_L3 CA.3.161 CMMC_L3_CA.3.161 CMMC L3 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration CMMC_L3 CM.2.061 CMMC_L3_CM.2.061 CMMC L3 CM.2.061 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 CM.2.061 CMMC_L3_CM.2.061 CMMC L3 CM.2.061 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center CMMC_L3 CM.2.061 CMMC_L3_CM.2.061 CMMC L3 CM.2.061 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CMMC_L3 CM.2.062 CMMC_L3_CM.2.062 CMMC L3 CM.2.062 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CMMC_L3 CM.2.062 CMMC_L3_CM.2.062 CMMC L3 CM.2.062 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 CM.2.063 CMMC_L3_CM.2.063 CMMC L3 CM.2.063 Control and monitor user-installed software. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CMMC_L3 CM.2.063 CMMC_L3_CM.2.063 CMMC L3 CM.2.063 Control and monitor user-installed software. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center CMMC_L3 CM.2.063 CMMC_L3_CM.2.063 CMMC L3 CM.2.063 Control and monitor user-installed software. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center CMMC_L3 CM.2.063 CMMC_L3_CM.2.063 CMMC L3 CM.2.063 Control and monitor user-installed software. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_L3 CM.2.064 CMMC_L3_CM.2.064 CMMC L3 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 CM.2.065 CMMC_L3_CM.2.065 CMMC L3 CM.2.065 Track, review, approve or disapprove, and log changes to organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration CMMC_L3 CM.2.065 CMMC_L3_CM.2.065 CMMC L3 CM.2.065 Track, review, approve or disapprove, and log changes to organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 CM.2.065 CMMC_L3_CM.2.065 CMMC L3 CM.2.065 Track, review, approve or disapprove, and log changes to organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CMMC_L3 CM.2.065 CMMC_L3_CM.2.065 CMMC L3 CM.2.065 Track, review, approve or disapprove, and log changes to organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 CM.2.065 CMMC_L3_CM.2.065 CMMC L3 CM.2.065 Track, review, approve or disapprove, and log changes to organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CMMC_L3 CM.2.065 CMMC_L3_CM.2.065 CMMC L3 CM.2.065 Track, review, approve or disapprove, and log changes to organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 CM.3.068 CMMC_L3_CM.3.068 CMMC L3 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center CMMC_L3 CM.3.069 CMMC_L3_CM.3.069 CMMC L3 CM.3.069 Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 IA.1.077 CMMC_L3_IA.1.077 CMMC L3 IA.1.077 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CMMC_L3 IA.2.078 CMMC_L3_IA.2.078 CMMC L3 IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 IA.2.079 CMMC_L3_IA.2.079 CMMC L3 IA.2.079 Prohibit password reuse for a specified number of generations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 IA.2.079 CMMC_L3_IA.2.079 CMMC L3 IA.2.079 Prohibit password reuse for a specified number of generations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 IA.2.079 CMMC_L3_IA.2.079 CMMC L3 IA.2.079 Prohibit password reuse for a specified number of generations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 IA.2.079 CMMC_L3_IA.2.079 CMMC L3 IA.2.079 Prohibit password reuse for a specified number of generations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration CMMC_L3 IA.2.079 CMMC_L3_IA.2.079 CMMC L3 IA.2.079 Prohibit password reuse for a specified number of generations. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 IA.2.081 CMMC_L3_IA.2.081 CMMC L3 IA.2.081 Store and transmit only cryptographically-protected passwords. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CMMC_L3 IA.2.081 CMMC_L3_IA.2.081 CMMC L3 IA.2.081 Store and transmit only cryptographically-protected passwords. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration CMMC_L3 IA.2.081 CMMC_L3_IA.2.081 CMMC L3 IA.2.081 Store and transmit only cryptographically-protected passwords. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CMMC_L3 IA.2.081 CMMC_L3_IA.2.081 CMMC L3 IA.2.081 Store and transmit only cryptographically-protected passwords. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CMMC_L3 IA.2.081 CMMC_L3_IA.2.081 CMMC L3 IA.2.081 Store and transmit only cryptographically-protected passwords. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center CMMC_L3 IA.3.083 CMMC_L3_IA.3.083 CMMC L3 IA.3.083 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center CMMC_L3 IA.3.083 CMMC_L3_IA.3.083 CMMC L3 IA.3.083 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center CMMC_L3 IA.3.083 CMMC_L3_IA.3.083 CMMC L3 IA.3.083 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CMMC_L3 IA.3.084 CMMC_L3_IA.3.084 CMMC L3 IA.3.084 Employ replay-resistant authentication mechanisms for network access to privileged and nonprivileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CMMC_L3 IA.3.084 CMMC_L3_IA.3.084 CMMC L3 IA.3.084 Employ replay-resistant authentication mechanisms for network access to privileged and nonprivileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center CMMC_L3 IA.3.084 CMMC_L3_IA.3.084 CMMC L3 IA.3.084 Employ replay-resistant authentication mechanisms for network access to privileged and nonprivileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CMMC_L3 IA.3.084 CMMC_L3_IA.3.084 CMMC L3 IA.3.084 Employ replay-resistant authentication mechanisms for network access to privileged and nonprivileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center CMMC_L3 IA.3.084 CMMC_L3_IA.3.084 CMMC L3 IA.3.084 Employ replay-resistant authentication mechanisms for network access to privileged and nonprivileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CMMC_L3 IA.3.084 CMMC_L3_IA.3.084 CMMC L3 IA.3.084 Employ replay-resistant authentication mechanisms for network access to privileged and nonprivileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CMMC_L3 IA.3.084 CMMC_L3_IA.3.084 CMMC L3 IA.3.084 Employ replay-resistant authentication mechanisms for network access to privileged and nonprivileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center CMMC_L3 IA.3.084 CMMC_L3_IA.3.084 CMMC L3 IA.3.084 Employ replay-resistant authentication mechanisms for network access to privileged and nonprivileged accounts. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CMMC_L3 IR.2.092 CMMC_L3_IR.2.092 CMMC L3 IR.2.092 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_L3 IR.2.092 CMMC_L3_IR.2.092 CMMC L3 IR.2.092 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CMMC_L3 IR.2.092 CMMC_L3_IR.2.092 CMMC L3 IR.2.092 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b5f04e03-92a3-4b09-9410-2cc5e5047656 Deploy Advanced Threat Protection for Cosmos DB Accounts Cosmos DB CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
361c2074-3595-4e5d-8cab-4f21dffc835c Deploy Defender for Storage (Classic) on storage accounts Storage CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_L3 IR.2.093 CMMC_L3_IR.2.093 CMMC L3 IR.2.093 Detect and report events. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL CMMC_L3 RE.2.137 CMMC_L3_RE.2.137 CMMC L3 RE.2.137 Regularly perform and test data back-ups. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL CMMC_L3 RE.2.137 CMMC_L3_RE.2.137 CMMC L3 RE.2.137 Regularly perform and test data back-ups. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL CMMC_L3 RE.2.137 CMMC_L3_RE.2.137 CMMC L3 RE.2.137 Regularly perform and test data back-ups. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL CMMC_L3 RE.2.137 CMMC_L3_RE.2.137 CMMC L3 RE.2.137 Regularly perform and test data back-ups. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup CMMC_L3 RE.2.137 CMMC_L3_RE.2.137 CMMC L3 RE.2.137 Regularly perform and test data back-ups. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CMMC_L3 RE.2.137 CMMC_L3_RE.2.137 CMMC L3 RE.2.137 Regularly perform and test data back-ups. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL CMMC_L3 RE.3.139 CMMC_L3_RE.3.139 CMMC L3 RE.3.139 Regularly perform complete, comprehensive and resilient data backups as organizationally-defined. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL CMMC_L3 RE.3.139 CMMC_L3_RE.3.139 CMMC L3 RE.3.139 Regularly perform complete, comprehensive and resilient data backups as organizationally-defined. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL CMMC_L3 RE.3.139 CMMC_L3_RE.3.139 CMMC L3 RE.3.139 Regularly perform complete, comprehensive and resilient data backups as organizationally-defined. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CMMC_L3 RE.3.139 CMMC_L3_RE.3.139 CMMC L3 RE.3.139 Regularly perform complete, comprehensive and resilient data backups as organizationally-defined. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL CMMC_L3 RE.3.139 CMMC_L3_RE.3.139 CMMC L3 RE.3.139 Regularly perform complete, comprehensive and resilient data backups as organizationally-defined. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup CMMC_L3 RE.3.139 CMMC_L3_RE.3.139 CMMC L3 RE.3.139 Regularly perform complete, comprehensive and resilient data backups as organizationally-defined. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 RM.2.141 CMMC_L3_RM.2.141 CMMC L3 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_L3 RM.2.142 CMMC_L3_RM.2.142 CMMC L3 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 RM.2.143 CMMC_L3_RM.2.143 CMMC L3 RM.2.143 Remediate vulnerabilities in accordance with risk assessments. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 RM.3.144 CMMC_L3_RM.3.144 CMMC L3 RM.3.144 Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources and risk measurement criteria. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_L3 SC.1.175 CMMC_L3_SC.1.175 CMMC L3 SC.1.175 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_L3 SC.1.176 CMMC_L3_SC.1.176 CMMC L3 SC.1.176 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center CMMC_L3 SC.1.176 CMMC_L3_SC.1.176 CMMC L3 SC.1.176 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 SC.1.176 CMMC_L3_SC.1.176 CMMC L3 SC.1.176 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_L3 SC.1.176 CMMC_L3_SC.1.176 CMMC L3 SC.1.176 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 SC.1.176 CMMC_L3_SC.1.176 CMMC L3 SC.1.176 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 SC.2.179 CMMC_L3_SC.2.179 CMMC L3 SC.2.179 Use encrypted sessions for the management of network devices. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a7ff3161-0087-490a-9ad9-ad6217f4f43a Require encryption on Data Lake Store accounts Data Lake CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
cee51871-e572-4576-855c-047c820360f0 Certificates using RSA cryptography should have the specified minimum key size Key Vault CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CMMC_L3 SC.3.177 CMMC_L3_SC.3.177 CMMC L3 SC.3.177 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_L3 SC.3.180 CMMC_L3_SC.3.180 CMMC L3 SC.3.180 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CMMC_L3 SC.3.181 CMMC_L3_SC.3.181 CMMC L3 SC.3.181 Separate user functionality from system management functionality. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CMMC_L3 SC.3.181 CMMC_L3_SC.3.181 CMMC L3 SC.3.181 Separate user functionality from system management functionality. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CMMC_L3 SC.3.181 CMMC_L3_SC.3.181 CMMC L3 SC.3.181 Separate user functionality from system management functionality. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center CMMC_L3 SC.3.181 CMMC_L3_SC.3.181 CMMC L3 SC.3.181 Separate user functionality from system management functionality. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center CMMC_L3 SC.3.181 CMMC_L3_SC.3.181 CMMC L3 SC.3.181 Separate user functionality from system management functionality. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CMMC_L3 SC.3.181 CMMC_L3_SC.3.181 CMMC L3 SC.3.181 Separate user functionality from system management functionality. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service CMMC_L3 SC.3.183 CMMC_L3_SC.3.183 CMMC L3 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CMMC_L3 SC.3.185 CMMC_L3_SC.3.185 CMMC L3 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CMMC_L3 SC.3.187 CMMC_L3_SC.3.187 CMMC L3 SC.3.187 Establish and manage cryptographic keys for cryptography employed in organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
cee51871-e572-4576-855c-047c820360f0 Certificates using RSA cryptography should have the specified minimum key size Key Vault CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CMMC_L3 SC.3.190 CMMC_L3_SC.3.190 CMMC L3 SC.3.190 Protect the authenticity of communications sessions. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
a7ff3161-0087-490a-9ad9-ad6217f4f43a Require encryption on Data Lake Store accounts Data Lake CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL CMMC_L3 SC.3.191 CMMC_L3_SC.3.191 CMMC L3 SC.3.191 Protect the confidentiality of CUI at rest. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center CMMC_L3 SI.1.210 CMMC_L3_SI.1.210 CMMC L3 SI.1.210 Identify, report, and correct information and information system flaws in a timely manner. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_L3 SI.1.211 CMMC_L3_SI.1.211 CMMC L3 SI.1.211 Provide protection from malicious code at appropriate locations within organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center CMMC_L3 SI.1.211 CMMC_L3_SI.1.211 CMMC L3 SI.1.211 Provide protection from malicious code at appropriate locations within organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_L3 SI.1.211 CMMC_L3_SI.1.211 CMMC L3 SI.1.211 Provide protection from malicious code at appropriate locations within organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CMMC_L3 SI.1.211 CMMC_L3_SI.1.211 CMMC L3 SI.1.211 Provide protection from malicious code at appropriate locations within organizational information systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_L3 SI.1.212 CMMC_L3_SI.1.212 CMMC L3 SI.1.212 Update malicious code protection mechanisms when new releases are available. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 SI.1.213 CMMC_L3_SI.1.213 CMMC L3 SI.1.213 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network CMMC_L3 SI.2.216 CMMC_L3_SI.2.216 CMMC L3 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CMMC_L3 SI.2.217 CMMC_L3_SI.2.217 CMMC L3 SI.2.217 Identify unauthorized use of organizational systems. CMMC Level 3 (b5629c75-5c77-4422-87b9-2509e680f8de)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance FedRAMP_High_R4 AC-1 FedRAMP_High_R4_AC-1 FedRAMP High AC-1 Access Control Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance FedRAMP_High_R4 AC-1 FedRAMP_High_R4_AC-1 FedRAMP High AC-1 Access Control Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance FedRAMP_High_R4 AC-1 FedRAMP_High_R4_AC-1 FedRAMP High AC-1 Access Control Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance FedRAMP_High_R4 AC-1 FedRAMP_High_R4_AC-1 FedRAMP High AC-1 Access Control Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d8350d4c-9314-400b-288f-20ddfce04fbd Define and enforce the limit of concurrent sessions Regulatory Compliance FedRAMP_High_R4 AC-10 FedRAMP_High_R4_AC-10 FedRAMP High AC-10 Concurrent Session Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance FedRAMP_High_R4 AC-12 FedRAMP_High_R4_AC-12 FedRAMP High AC-12 Session Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
db580551-0b3c-4ea1-8a4c-4cdb5feb340f Provide the logout capability Regulatory Compliance FedRAMP_High_R4 AC-12(1) FedRAMP_High_R4_AC-12(1) FedRAMP High AC-12 (1) User-Initiated Logouts / Message Displays FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0471c6b7-1588-701c-2713-1fade73b75f6 Display an explicit logout message Regulatory Compliance FedRAMP_High_R4 AC-12(1) FedRAMP_High_R4_AC-12(1) FedRAMP High AC-12 (1) User-Initiated Logouts / Message Displays FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance FedRAMP_High_R4 AC-14 FedRAMP_High_R4_AC-14 FedRAMP High AC-14 Permitted Actions Without Identification Or Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_High_R4 AC-17 FedRAMP_High_R4_AC-17 FedRAMP High AC-17 Remote Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_High_R4 AC-17(1) FedRAMP_High_R4_AC-17(1) FedRAMP High AC-17 (1) Automated Monitoring / Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance FedRAMP_High_R4 AC-17(2) FedRAMP_High_R4_AC-17(2) FedRAMP High AC-17 (2) Protection Of Confidentiality / Integrity Using Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_High_R4 AC-17(2) FedRAMP_High_R4_AC-17(2) FedRAMP High AC-17 (2) Protection Of Confidentiality / Integrity Using Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance FedRAMP_High_R4 AC-17(3) FedRAMP_High_R4_AC-17(3) FedRAMP High AC-17 (3) Managed Access Control Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance FedRAMP_High_R4 AC-17(4) FedRAMP_High_R4_AC-17(4) FedRAMP High AC-17 (4) Privileged Commands / Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands Regulatory Compliance FedRAMP_High_R4 AC-17(4) FedRAMP_High_R4_AC-17(4) FedRAMP High AC-17 (4) Privileged Commands / Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance FedRAMP_High_R4 AC-17(4) FedRAMP_High_R4_AC-17(4) FedRAMP High AC-17 (4) Privileged Commands / Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance FedRAMP_High_R4 AC-17(4) FedRAMP_High_R4_AC-17(4) FedRAMP High AC-17 (4) Privileged Commands / Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance FedRAMP_High_R4 AC-17(4) FedRAMP_High_R4_AC-17(4) FedRAMP High AC-17 (4) Privileged Commands / Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4edaca8c-0912-1ac5-9eaa-6a1057740fae Provide capability to disconnect or disable remote access Regulatory Compliance FedRAMP_High_R4 AC-17(9) FedRAMP_High_R4_AC-17(9) FedRAMP High AC-17 (9) Disconnect / Disable Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance FedRAMP_High_R4 AC-18 FedRAMP_High_R4_AC-18 FedRAMP High AC-18 Wireless Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance FedRAMP_High_R4 AC-18 FedRAMP_High_R4_AC-18 FedRAMP High AC-18 Wireless Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance FedRAMP_High_R4 AC-18(1) FedRAMP_High_R4_AC-18(1) FedRAMP High AC-18 (1) Authentication And Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance FedRAMP_High_R4 AC-18(1) FedRAMP_High_R4_AC-18(1) FedRAMP High AC-18 (1) Authentication And Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance FedRAMP_High_R4 AC-18(1) FedRAMP_High_R4_AC-18(1) FedRAMP High AC-18 (1) Authentication And Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance FedRAMP_High_R4 AC-19 FedRAMP_High_R4_AC-19 FedRAMP High AC-19 Access Control For Mobile Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance FedRAMP_High_R4 AC-19(5) FedRAMP_High_R4_AC-19(5) FedRAMP High AC-19 (5) Full Device / Container-Based Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_High_R4 AC-19(5) FedRAMP_High_R4_AC-19(5) FedRAMP High AC-19 (5) Full Device / Container-Based Encryption FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance FedRAMP_High_R4 AC-2 FedRAMP_High_R4_AC-2 FedRAMP High AC-2 Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_High_R4 AC-2(1) FedRAMP_High_R4_AC-2(1) FedRAMP High AC-2 (1) Automated System Account Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance FedRAMP_High_R4 AC-2(10) FedRAMP_High_R4_AC-2(10) FedRAMP High AC-2 (10) Shared / Group Account Credential Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fd81a1b3-2d7a-107c-507e-29b87d040c19 Enforce appropriate usage of all accounts Regulatory Compliance FedRAMP_High_R4 AC-2(11) FedRAMP_High_R4_AC-2(11) FedRAMP High AC-2 (11) Usage Conditions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 AC-2(12) FedRAMP_High_R4_AC-2(12) FedRAMP High AC-2 (12) Account Monitoring / Atypical Usage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22c16ae4-19d0-29cb-422f-cb44061180ee Disable user accounts posing a significant risk Regulatory Compliance FedRAMP_High_R4 AC-2(13) FedRAMP_High_R4_AC-2(13) FedRAMP High AC-2 (13) Disable Accounts For High-Risk Individuals FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance FedRAMP_High_R4 AC-2(3) FedRAMP_High_R4_AC-2(3) FedRAMP High AC-2 (3) Disable Inactive Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance FedRAMP_High_R4 AC-2(3) FedRAMP_High_R4_AC-2(3) FedRAMP High AC-2 (3) Disable Inactive Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance FedRAMP_High_R4 AC-2(4) FedRAMP_High_R4_AC-2(4) FedRAMP High AC-2 (4) Automated Audit Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance FedRAMP_High_R4 AC-2(4) FedRAMP_High_R4_AC-2(4) FedRAMP High AC-2 (4) Automated Audit Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance FedRAMP_High_R4 AC-2(4) FedRAMP_High_R4_AC-2(4) FedRAMP High AC-2 (4) Automated Audit Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance FedRAMP_High_R4 AC-2(4) FedRAMP_High_R4_AC-2(4) FedRAMP High AC-2 (4) Automated Audit Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_High_R4 AC-2(4) FedRAMP_High_R4_AC-2(4) FedRAMP High AC-2 (4) Automated Audit Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2af4640d-11a6-a64b-5ceb-a468f4341c0c Define and enforce inactivity log policy Regulatory Compliance FedRAMP_High_R4 AC-2(5) FedRAMP_High_R4_AC-2(5) FedRAMP High AC-2 (5) Inactivity Logout FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance FedRAMP_High_R4 AC-2(7) FedRAMP_High_R4_AC-2(7) FedRAMP High AC-2 (7) Role-Based Schemes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance FedRAMP_High_R4 AC-2(9) FedRAMP_High_R4_AC-2(9) FedRAMP High AC-2 (9) Restrictions On Use Of Shared Groups / Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance FedRAMP_High_R4 AC-20 FedRAMP_High_R4_AC-20 FedRAMP High AC-20 Use Of External Information Systems FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance FedRAMP_High_R4 AC-20 FedRAMP_High_R4_AC-20 FedRAMP High AC-20 Use Of External Information Systems FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance FedRAMP_High_R4 AC-20(1) FedRAMP_High_R4_AC-20(1) FedRAMP High AC-20 (1) Limits On Authorized Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance FedRAMP_High_R4 AC-20(2) FedRAMP_High_R4_AC-20(2) FedRAMP High AC-20 (2) Portable Storage Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 AC-20(2) FedRAMP_High_R4_AC-20(2) FedRAMP High AC-20 (2) Portable Storage Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 AC-20(2) FedRAMP_High_R4_AC-20(2) FedRAMP High AC-20 (2) Portable Storage Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing Regulatory Compliance FedRAMP_High_R4 AC-21 FedRAMP_High_R4_AC-21 FedRAMP High AC-21 Information Sharing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions Regulatory Compliance FedRAMP_High_R4 AC-21 FedRAMP_High_R4_AC-21 FedRAMP High AC-21 Information Sharing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance FedRAMP_High_R4 AC-22 FedRAMP_High_R4_AC-22 FedRAMP High AC-22 Publicly Accessible Content FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance FedRAMP_High_R4 AC-22 FedRAMP_High_R4_AC-22 FedRAMP High AC-22 Publicly Accessible Content FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information Regulatory Compliance FedRAMP_High_R4 AC-22 FedRAMP_High_R4_AC-22 FedRAMP High AC-22 Publicly Accessible Content FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information Regulatory Compliance FedRAMP_High_R4 AC-22 FedRAMP_High_R4_AC-22 FedRAMP High AC-22 Publicly Accessible Content FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_High_R4 AC-3 FedRAMP_High_R4_AC-3 FedRAMP High AC-3 Access Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FedRAMP_High_R4 AC-4 FedRAMP_High_R4_AC-4 FedRAMP High AC-4 Information Flow Enforcement FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance FedRAMP_High_R4 AC-4(21) FedRAMP_High_R4_AC-4(21) FedRAMP High AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance FedRAMP_High_R4 AC-4(21) FedRAMP_High_R4_AC-4(21) FedRAMP High AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance FedRAMP_High_R4 AC-4(21) FedRAMP_High_R4_AC-4(21) FedRAMP High AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance FedRAMP_High_R4 AC-4(21) FedRAMP_High_R4_AC-4(21) FedRAMP High AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance FedRAMP_High_R4 AC-4(8) FedRAMP_High_R4_AC-4(8) FedRAMP High AC-4 (8) Security Policy Filters FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center FedRAMP_High_R4 AC-5 FedRAMP_High_R4_AC-5 FedRAMP High AC-5 Separation Of Duties FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance FedRAMP_High_R4 AC-5 FedRAMP_High_R4_AC-5 FedRAMP High AC-5 Separation Of Duties FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance FedRAMP_High_R4 AC-5 FedRAMP_High_R4_AC-5 FedRAMP High AC-5 Separation Of Duties FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance FedRAMP_High_R4 AC-5 FedRAMP_High_R4_AC-5 FedRAMP High AC-5 Separation Of Duties FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance FedRAMP_High_R4 AC-6 FedRAMP_High_R4_AC-6 FedRAMP High AC-6 Least Privilege FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance FedRAMP_High_R4 AC-6 FedRAMP_High_R4_AC-6 FedRAMP High AC-6 Least Privilege FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_High_R4 AC-6 FedRAMP_High_R4_AC-6 FedRAMP High AC-6 Least Privilege FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center FedRAMP_High_R4 AC-6 FedRAMP_High_R4_AC-6 FedRAMP High AC-6 Least Privilege FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance FedRAMP_High_R4 AC-6(1) FedRAMP_High_R4_AC-6(1) FedRAMP High AC-6 (1) Authorize Access To Security Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance FedRAMP_High_R4 AC-6(1) FedRAMP_High_R4_AC-6(1) FedRAMP High AC-6 (1) Authorize Access To Security Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance FedRAMP_High_R4 AC-6(1) FedRAMP_High_R4_AC-6(1) FedRAMP High AC-6 (1) Authorize Access To Security Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_High_R4 AC-6(5) FedRAMP_High_R4_AC-6(5) FedRAMP High AC-6 (5) Privileged Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance FedRAMP_High_R4 AC-6(7) FedRAMP_High_R4_AC-6(7) FedRAMP High AC-6 (7) Review Of User Privileges FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center FedRAMP_High_R4 AC-6(7) FedRAMP_High_R4_AC-6(7) FedRAMP High AC-6 (7) Review Of User Privileges FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_High_R4 AC-6(7) FedRAMP_High_R4_AC-6(7) FedRAMP High AC-6 (7) Review Of User Privileges FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance FedRAMP_High_R4 AC-6(7) FedRAMP_High_R4_AC-6(7) FedRAMP High AC-6 (7) Review Of User Privileges FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance FedRAMP_High_R4 AC-6(8) FedRAMP_High_R4_AC-6(8) FedRAMP High AC-6 (8) Privilege Levels For Code Execution FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_High_R4 AC-6(9) FedRAMP_High_R4_AC-6(9) FedRAMP High AC-6 (9) Auditing Use Of Privileged Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance FedRAMP_High_R4 AC-6(9) FedRAMP_High_R4_AC-6(9) FedRAMP High AC-6 (9) Auditing Use Of Privileged Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance FedRAMP_High_R4 AC-6(9) FedRAMP_High_R4_AC-6(9) FedRAMP High AC-6 (9) Auditing Use Of Privileged Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance FedRAMP_High_R4 AC-6(9) FedRAMP_High_R4_AC-6(9) FedRAMP High AC-6 (9) Auditing Use Of Privileged Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance FedRAMP_High_R4 AC-6(9) FedRAMP_High_R4_AC-6(9) FedRAMP High AC-6 (9) Auditing Use Of Privileged Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_High_R4 AC-6(9) FedRAMP_High_R4_AC-6(9) FedRAMP High AC-6 (9) Auditing Use Of Privileged Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance FedRAMP_High_R4 AC-7 FedRAMP_High_R4_AC-7 FedRAMP High AC-7 Unsuccessful Logon Attempts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance FedRAMP_High_R4 AT-1 FedRAMP_High_R4_AT-1 FedRAMP High AT-1 Security Awareness And Training Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance FedRAMP_High_R4 AT-1 FedRAMP_High_R4_AT-1 FedRAMP High AT-1 Security Awareness And Training Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance FedRAMP_High_R4 AT-2 FedRAMP_High_R4_AT-2 FedRAMP High AT-2 Security Awareness Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance FedRAMP_High_R4 AT-2 FedRAMP_High_R4_AT-2 FedRAMP High AT-2 Security Awareness Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance FedRAMP_High_R4 AT-2 FedRAMP_High_R4_AT-2 FedRAMP High AT-2 Security Awareness Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance FedRAMP_High_R4 AT-2(2) FedRAMP_High_R4_AT-2(2) FedRAMP High AT-2 (2) Insider Threat FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance FedRAMP_High_R4 AT-3 FedRAMP_High_R4_AT-3 FedRAMP High AT-3 Role-Based Security Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance FedRAMP_High_R4 AT-3 FedRAMP_High_R4_AT-3 FedRAMP High AT-3 Role-Based Security Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance FedRAMP_High_R4 AT-3 FedRAMP_High_R4_AT-3 FedRAMP High AT-3 Role-Based Security Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance FedRAMP_High_R4 AT-3(3) FedRAMP_High_R4_AT-3(3) FedRAMP High AT-3 (3) Practical Exercises FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance FedRAMP_High_R4 AT-3(4) FedRAMP_High_R4_AT-3(4) FedRAMP High AT-3 (4) Suspicious Communications And Anomalous System Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance FedRAMP_High_R4 AT-4 FedRAMP_High_R4_AT-4 FedRAMP High AT-4 Security Training Records FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance FedRAMP_High_R4 AT-4 FedRAMP_High_R4_AT-4 FedRAMP High AT-4 Security Training Records FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance FedRAMP_High_R4 AT-4 FedRAMP_High_R4_AT-4 FedRAMP High AT-4 Security Training Records FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance FedRAMP_High_R4 AU-1 FedRAMP_High_R4_AU-1 FedRAMP High AU-1 Audit And Accountability Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance FedRAMP_High_R4 AU-1 FedRAMP_High_R4_AU-1 FedRAMP High AU-1 Audit And Accountability Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance FedRAMP_High_R4 AU-1 FedRAMP_High_R4_AU-1 FedRAMP High AU-1 Audit And Accountability Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance FedRAMP_High_R4 AU-1 FedRAMP_High_R4_AU-1 FedRAMP High AU-1 Audit And Accountability Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance FedRAMP_High_R4 AU-10 FedRAMP_High_R4_AU-10 FedRAMP High AU-10 Non-Repudiation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance FedRAMP_High_R4 AU-11 FedRAMP_High_R4_AU-11 FedRAMP High AU-11 Audit Record Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance FedRAMP_High_R4 AU-11 FedRAMP_High_R4_AU-11 FedRAMP High AU-11 Audit Record Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance FedRAMP_High_R4 AU-11 FedRAMP_High_R4_AU-11 FedRAMP High AU-11 Audit Record Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL FedRAMP_High_R4 AU-11 FedRAMP_High_R4_AU-11 FedRAMP High AU-11 Audit Record Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps FedRAMP_High_R4 AU-12 FedRAMP_High_R4_AU-12 FedRAMP High AU-12 Audit Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_High_R4 AU-12(1) FedRAMP_High_R4_AU-12(1) FedRAMP High AU-12 (1) System-Wide / Time-Correlated Audit Trail FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d200f199-69f4-95a6-90b0-37ff0cf1040c Provide the capability to extend or limit auditing on customer-deployed resources Regulatory Compliance FedRAMP_High_R4 AU-12(3) FedRAMP_High_R4_AU-12(3) FedRAMP High AU-12 (3) Changes By Authorized Individuals FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_High_R4 AU-2 FedRAMP_High_R4_AU-2 FedRAMP High AU-2 Audit Events FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance FedRAMP_High_R4 AU-2(3) FedRAMP_High_R4_AU-2(3) FedRAMP High AU-2 (3) Reviews And Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_High_R4 AU-3 FedRAMP_High_R4_AU-3 FedRAMP High AU-3 Content Of Audit Records FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance FedRAMP_High_R4 AU-3(1) FedRAMP_High_R4_AU-3(1) FedRAMP High AU-3 (1) Additional Audit Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance FedRAMP_High_R4 AU-4 FedRAMP_High_R4_AU-4 FedRAMP High AU-4 Audit Storage Capacity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance FedRAMP_High_R4 AU-5 FedRAMP_High_R4_AU-5 FedRAMP High AU-5 Response To Audit Processing Failures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0f4fa857-079d-9d3d-5c49-21f616189e03 Provide real-time alerts for audit event failures Regulatory Compliance FedRAMP_High_R4 AU-5(2) FedRAMP_High_R4_AU-5(2) FedRAMP High AU-5 (2) Real-Time Alerts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance FedRAMP_High_R4 AU-6 FedRAMP_High_R4_AU-6 FedRAMP High AU-6 Audit Review, Analysis, And Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance FedRAMP_High_R4 AU-6(1) FedRAMP_High_R4_AU-6(1) FedRAMP High AU-6 (1) Process Integration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
de251b09-4a5e-1204-4bef-62ac58d47999 Adjust level of audit review, analysis, and reporting Regulatory Compliance FedRAMP_High_R4 AU-6(10) FedRAMP_High_R4_AU-6(10) FedRAMP High AU-6 (10) Audit Level Adjustment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_High_R4 AU-6(3) FedRAMP_High_R4_AU-6(3) FedRAMP High AU-6 (3) Correlate Audit Repositories FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_High_R4 AU-6(3) FedRAMP_High_R4_AU-6(3) FedRAMP High AU-6 (3) Correlate Audit Repositories FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 AU-6(4) FedRAMP_High_R4_AU-6(4) FedRAMP High AU-6 (4) Central Review And Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis Regulatory Compliance FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 AU-6(5) FedRAMP_High_R4_AU-6(5) FedRAMP High AU-6 (5) Integration / Scanning And Monitoring Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3eecf628-a1c8-1b48-1b5c-7ca781e97970 Specify permitted actions associated with customer audit information Regulatory Compliance FedRAMP_High_R4 AU-6(7) FedRAMP_High_R4_AU-6(7) FedRAMP High AU-6 (7) Permitted Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance FedRAMP_High_R4 AU-7 FedRAMP_High_R4_AU-7 FedRAMP High AU-7 Audit Reduction And Report Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance FedRAMP_High_R4 AU-7 FedRAMP_High_R4_AU-7 FedRAMP High AU-7 Audit Reduction And Report Generation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance FedRAMP_High_R4 AU-7(1) FedRAMP_High_R4_AU-7(1) FedRAMP High AU-7 (1) Automatic Processing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance FedRAMP_High_R4 AU-8 FedRAMP_High_R4_AU-8 FedRAMP High AU-8 Time Stamps FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance FedRAMP_High_R4 AU-8(1) FedRAMP_High_R4_AU-8(1) FedRAMP High AU-8 (1) Synchronization With Authoritative Time Source FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance FedRAMP_High_R4 AU-9 FedRAMP_High_R4_AU-9 FedRAMP High AU-9 Protection Of Audit Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance FedRAMP_High_R4 AU-9 FedRAMP_High_R4_AU-9 FedRAMP High AU-9 Protection Of Audit Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance FedRAMP_High_R4 AU-9(2) FedRAMP_High_R4_AU-9(2) FedRAMP High AU-9 (2) Audit Backup On Separate Physical Systems / Components FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance FedRAMP_High_R4 AU-9(3) FedRAMP_High_R4_AU-9(3) FedRAMP High AU-9 (3) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance FedRAMP_High_R4 AU-9(4) FedRAMP_High_R4_AU-9(4) FedRAMP High AU-9 (4) Access By Subset Of Privileged Users FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance FedRAMP_High_R4 CA-1 FedRAMP_High_R4_CA-1 FedRAMP High CA-1 Security Assessment And Authorization Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance FedRAMP_High_R4 CA-2 FedRAMP_High_R4_CA-2 FedRAMP High CA-2 Security Assessments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance FedRAMP_High_R4 CA-2 FedRAMP_High_R4_CA-2 FedRAMP High CA-2 Security Assessments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance FedRAMP_High_R4 CA-2 FedRAMP_High_R4_CA-2 FedRAMP High CA-2 Security Assessments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance FedRAMP_High_R4 CA-2 FedRAMP_High_R4_CA-2 FedRAMP High CA-2 Security Assessments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance FedRAMP_High_R4 CA-2(1) FedRAMP_High_R4_CA-2(1) FedRAMP High CA-2 (1) Independent Assessors FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance FedRAMP_High_R4 CA-2(2) FedRAMP_High_R4_CA-2(2) FedRAMP High CA-2 (2) Specialized Assessments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance FedRAMP_High_R4 CA-2(3) FedRAMP_High_R4_CA-2(3) FedRAMP High CA-2 (3) External Organizations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance FedRAMP_High_R4 CA-3 FedRAMP_High_R4_CA-3 FedRAMP High CA-3 System Interconnections FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance FedRAMP_High_R4 CA-3 FedRAMP_High_R4_CA-3 FedRAMP High CA-3 System Interconnections FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_High_R4 CA-3(3) FedRAMP_High_R4_CA-3(3) FedRAMP High CA-3 (3) Unclassified Non-National Security System Connections FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections Regulatory Compliance FedRAMP_High_R4 CA-3(5) FedRAMP_High_R4_CA-3(5) FedRAMP High CA-3 (5) Restrictions On External System Connections FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance FedRAMP_High_R4 CA-5 FedRAMP_High_R4_CA-5 FedRAMP High CA-5 Plan Of Action And Milestones FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance FedRAMP_High_R4 CA-5 FedRAMP_High_R4_CA-5 FedRAMP High CA-5 Plan Of Action And Milestones FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance FedRAMP_High_R4 CA-6 FedRAMP_High_R4_CA-6 FedRAMP High CA-6 Security Authorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance FedRAMP_High_R4 CA-6 FedRAMP_High_R4_CA-6 FedRAMP High CA-6 Security Authorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
449ebb52-945b-36e5-3446-af6f33770f8f Update the security authorization Regulatory Compliance FedRAMP_High_R4 CA-6 FedRAMP_High_R4_CA-6 FedRAMP High CA-6 Security Authorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance FedRAMP_High_R4 CA-7 FedRAMP_High_R4_CA-7 FedRAMP High CA-7 Continuous Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance FedRAMP_High_R4 CA-7 FedRAMP_High_R4_CA-7 FedRAMP High CA-7 Continuous Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance FedRAMP_High_R4 CA-7 FedRAMP_High_R4_CA-7 FedRAMP High CA-7 Continuous Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring Regulatory Compliance FedRAMP_High_R4 CA-7(1) FedRAMP_High_R4_CA-7(1) FedRAMP High CA-7 (1) Independent Assessment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6a379d74-903b-244a-4c44-838728bea6b0 Analyse data obtained from continuous monitoring Regulatory Compliance FedRAMP_High_R4 CA-7(3) FedRAMP_High_R4_CA-7(3) FedRAMP High CA-7 (3) Trend Analyses FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance FedRAMP_High_R4 CA-8(1) FedRAMP_High_R4_CA-8(1) FedRAMP High CA-8 (1) Independent Penetration Agent Or Team FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance FedRAMP_High_R4 CA-9 FedRAMP_High_R4_CA-9 FedRAMP High CA-9 Internal System Connections FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance FedRAMP_High_R4 CM-1 FedRAMP_High_R4_CM-1 FedRAMP High CM-1 Configuration Management Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center FedRAMP_High_R4 CM-10 FedRAMP_High_R4_CM-10 FedRAMP High CM-10 Software Usage Restrictions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance FedRAMP_High_R4 CM-10 FedRAMP_High_R4_CM-10 FedRAMP High CM-10 Software Usage Restrictions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center FedRAMP_High_R4 CM-10 FedRAMP_High_R4_CM-10 FedRAMP High CM-10 Software Usage Restrictions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance FedRAMP_High_R4 CM-10 FedRAMP_High_R4_CM-10 FedRAMP High CM-10 Software Usage Restrictions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance FedRAMP_High_R4 CM-10(1) FedRAMP_High_R4_CM-10(1) FedRAMP High CM-10 (1) Open Source Software FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center FedRAMP_High_R4 CM-11 FedRAMP_High_R4_CM-11 FedRAMP High CM-11 User-Installed Software FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center FedRAMP_High_R4 CM-11 FedRAMP_High_R4_CM-11 FedRAMP High CM-11 User-Installed Software FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance FedRAMP_High_R4 CM-2 FedRAMP_High_R4_CM-2 FedRAMP High CM-2 Baseline Configuration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance FedRAMP_High_R4 CM-2 FedRAMP_High_R4_CM-2 FedRAMP High CM-2 Baseline Configuration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance FedRAMP_High_R4 CM-2 FedRAMP_High_R4_CM-2 FedRAMP High CM-2 Baseline Configuration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_High_R4 CM-2 FedRAMP_High_R4_CM-2 FedRAMP High CM-2 Baseline Configuration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance FedRAMP_High_R4 CM-2 FedRAMP_High_R4_CM-2 FedRAMP High CM-2 Baseline Configuration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance FedRAMP_High_R4 CM-2 FedRAMP_High_R4_CM-2 FedRAMP High CM-2 Baseline Configuration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance FedRAMP_High_R4 CM-2(2) FedRAMP_High_R4_CM-2(2) FedRAMP High CM-2 (2) Automation Support For Accuracy / Currency FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_High_R4 CM-2(2) FedRAMP_High_R4_CM-2(2) FedRAMP High CM-2 (2) Automation Support For Accuracy / Currency FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance FedRAMP_High_R4 CM-2(2) FedRAMP_High_R4_CM-2(2) FedRAMP High CM-2 (2) Automation Support For Accuracy / Currency FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance FedRAMP_High_R4 CM-2(2) FedRAMP_High_R4_CM-2(2) FedRAMP High CM-2 (2) Automation Support For Accuracy / Currency FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance FedRAMP_High_R4 CM-2(2) FedRAMP_High_R4_CM-2(2) FedRAMP High CM-2 (2) Automation Support For Accuracy / Currency FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance FedRAMP_High_R4 CM-2(2) FedRAMP_High_R4_CM-2(2) FedRAMP High CM-2 (2) Automation Support For Accuracy / Currency FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance FedRAMP_High_R4 CM-2(3) FedRAMP_High_R4_CM-2(3) FedRAMP High CM-2 (3) Retention Of Previous Configurations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance FedRAMP_High_R4 CM-2(7) FedRAMP_High_R4_CM-2(7) FedRAMP High CM-2 (7) Configure Systems, Components, Or Devices For High-Risk Areas FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance FedRAMP_High_R4 CM-2(7) FedRAMP_High_R4_CM-2(7) FedRAMP High CM-2 (7) Configure Systems, Components, Or Devices For High-Risk Areas FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance FedRAMP_High_R4 CM-3 FedRAMP_High_R4_CM-3 FedRAMP High CM-3 Configuration Change Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance FedRAMP_High_R4 CM-3(1) FedRAMP_High_R4_CM-3(1) FedRAMP High CM-3 (1) Automated Document / Notification / Prohibition Of Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance FedRAMP_High_R4 CM-3(1) FedRAMP_High_R4_CM-3(1) FedRAMP High CM-3 (1) Automated Document / Notification / Prohibition Of Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance FedRAMP_High_R4 CM-3(1) FedRAMP_High_R4_CM-3(1) FedRAMP High CM-3 (1) Automated Document / Notification / Prohibition Of Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance FedRAMP_High_R4 CM-3(1) FedRAMP_High_R4_CM-3(1) FedRAMP High CM-3 (1) Automated Document / Notification / Prohibition Of Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance FedRAMP_High_R4 CM-3(1) FedRAMP_High_R4_CM-3(1) FedRAMP High CM-3 (1) Automated Document / Notification / Prohibition Of Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance FedRAMP_High_R4 CM-3(1) FedRAMP_High_R4_CM-3(1) FedRAMP High CM-3 (1) Automated Document / Notification / Prohibition Of Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_High_R4 CM-3(2) FedRAMP_High_R4_CM-3(2) FedRAMP High CM-3 (2) Test / Validate / Document Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance FedRAMP_High_R4 CM-3(2) FedRAMP_High_R4_CM-3(2) FedRAMP High CM-3 (2) Test / Validate / Document Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance FedRAMP_High_R4 CM-3(2) FedRAMP_High_R4_CM-3(2) FedRAMP High CM-3 (2) Test / Validate / Document Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6abdf7c7-362b-3f35-099e-533ed50988f9 Assign information security representative to change control Regulatory Compliance FedRAMP_High_R4 CM-3(4) FedRAMP_High_R4_CM-3(4) FedRAMP High CM-3 (4) Security Representative FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance FedRAMP_High_R4 CM-3(6) FedRAMP_High_R4_CM-3(6) FedRAMP High CM-3 (6) Cryptography Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance FedRAMP_High_R4 CM-4 FedRAMP_High_R4_CM-4 FedRAMP High CM-4 Security Impact Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance FedRAMP_High_R4 CM-4(1) FedRAMP_High_R4_CM-4(1) FedRAMP High CM-4 (1) Separate Test Environments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance FedRAMP_High_R4 CM-4(1) FedRAMP_High_R4_CM-4(1) FedRAMP High CM-4 (1) Separate Test Environments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance FedRAMP_High_R4 CM-4(1) FedRAMP_High_R4_CM-4(1) FedRAMP High CM-4 (1) Separate Test Environments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_High_R4 CM-4(1) FedRAMP_High_R4_CM-4(1) FedRAMP High CM-4 (1) Separate Test Environments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance FedRAMP_High_R4 CM-4(1) FedRAMP_High_R4_CM-4(1) FedRAMP High CM-4 (1) Separate Test Environments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_High_R4 CM-5 FedRAMP_High_R4_CM-5 FedRAMP High CM-5 Access Restrictions For Change FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance FedRAMP_High_R4 CM-5(1) FedRAMP_High_R4_CM-5(1) FedRAMP High CM-5 (1) Automated Access Enforcement / Auditing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance FedRAMP_High_R4 CM-5(2) FedRAMP_High_R4_CM-5(2) FedRAMP High CM-5 (2) Review System Changes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation Regulatory Compliance FedRAMP_High_R4 CM-5(3) FedRAMP_High_R4_CM-5(3) FedRAMP High CM-5 (3) Signed Components FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance FedRAMP_High_R4 CM-5(5) FedRAMP_High_R4_CM-5(5) FedRAMP High CM-5 (5) Limit Production / Operational Privileges FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance FedRAMP_High_R4 CM-5(5) FedRAMP_High_R4_CM-5(5) FedRAMP High CM-5 (5) Limit Production / Operational Privileges FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes FedRAMP_High_R4 CM-6 FedRAMP_High_R4_CM-6 FedRAMP High CM-6 Configuration Settings FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance FedRAMP_High_R4 CM-6(1) FedRAMP_High_R4_CM-6(1) FedRAMP High CM-6 (1) Automated Central Management / Application / Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_High_R4 CM-6(1) FedRAMP_High_R4_CM-6(1) FedRAMP High CM-6 (1) Automated Central Management / Application / Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance FedRAMP_High_R4 CM-6(1) FedRAMP_High_R4_CM-6(1) FedRAMP High CM-6 (1) Automated Central Management / Application / Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center FedRAMP_High_R4 CM-7 FedRAMP_High_R4_CM-7 FedRAMP High CM-7 Least Functionality FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center FedRAMP_High_R4 CM-7 FedRAMP_High_R4_CM-7 FedRAMP High CM-7 Least Functionality FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 CM-7 FedRAMP_High_R4_CM-7 FedRAMP High CM-7 Least Functionality FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center FedRAMP_High_R4 CM-7(2) FedRAMP_High_R4_CM-7(2) FedRAMP High CM-7 (2) Prevent Program Execution FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center FedRAMP_High_R4 CM-7(2) FedRAMP_High_R4_CM-7(2) FedRAMP High CM-7 (2) Prevent Program Execution FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center FedRAMP_High_R4 CM-7(5) FedRAMP_High_R4_CM-7(5) FedRAMP High CM-7 (5) Authorized Software / Whitelisting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center FedRAMP_High_R4 CM-7(5) FedRAMP_High_R4_CM-7(5) FedRAMP High CM-7 (5) Authorized Software / Whitelisting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance FedRAMP_High_R4 CM-8 FedRAMP_High_R4_CM-8 FedRAMP High CM-8 Information System Component Inventory FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance FedRAMP_High_R4 CM-8 FedRAMP_High_R4_CM-8 FedRAMP High CM-8 Information System Component Inventory FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance FedRAMP_High_R4 CM-8(1) FedRAMP_High_R4_CM-8(1) FedRAMP High CM-8 (1) Updates During Installations / Removals FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance FedRAMP_High_R4 CM-8(1) FedRAMP_High_R4_CM-8(1) FedRAMP High CM-8 (1) Updates During Installations / Removals FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance FedRAMP_High_R4 CM-8(3) FedRAMP_High_R4_CM-8(3) FedRAMP High CM-8 (3) Automated Unauthorized Component Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance FedRAMP_High_R4 CM-8(3) FedRAMP_High_R4_CM-8(3) FedRAMP High CM-8 (3) Automated Unauthorized Component Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance FedRAMP_High_R4 CM-8(4) FedRAMP_High_R4_CM-8(4) FedRAMP High CM-8 (4) Accountability Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance FedRAMP_High_R4 CM-8(4) FedRAMP_High_R4_CM-8(4) FedRAMP High CM-8 (4) Accountability Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance FedRAMP_High_R4 CM-9 FedRAMP_High_R4_CM-9 FedRAMP High CM-9 Configuration Management Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance FedRAMP_High_R4 CM-9 FedRAMP_High_R4_CM-9 FedRAMP High CM-9 Configuration Management Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance FedRAMP_High_R4 CM-9 FedRAMP_High_R4_CM-9 FedRAMP High CM-9 Configuration Management Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance FedRAMP_High_R4 CM-9 FedRAMP_High_R4_CM-9 FedRAMP High CM-9 Configuration Management Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance FedRAMP_High_R4 CM-9 FedRAMP_High_R4_CM-9 FedRAMP High CM-9 Configuration Management Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance FedRAMP_High_R4 CM-9 FedRAMP_High_R4_CM-9 FedRAMP High CM-9 Configuration Management Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance FedRAMP_High_R4 CP-1 FedRAMP_High_R4_CP-1 FedRAMP High CP-1 Contingency Planning Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance FedRAMP_High_R4 CP-10 FedRAMP_High_R4_CP-10 FedRAMP High CP-10 Information System Recovery And Reconstitution FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance FedRAMP_High_R4 CP-10(2) FedRAMP_High_R4_CP-10(2) FedRAMP High CP-10 (2) Transaction Recovery FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f801d58e-5659-9a4a-6e8d-02c9334732e5 Restore resources to operational state Regulatory Compliance FedRAMP_High_R4 CP-10(4) FedRAMP_High_R4_CP-10(4) FedRAMP High CP-10 (4) Restore Within Time Period FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_High_R4 CP-2 FedRAMP_High_R4_CP-2 FedRAMP High CP-2 Contingency Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_High_R4 CP-2(1) FedRAMP_High_R4_CP-2(1) FedRAMP High CP-2 (1) Coordinate With Related Plans FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance FedRAMP_High_R4 CP-2(2) FedRAMP_High_R4_CP-2(2) FedRAMP High CP-2 (2) Capacity Planning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance FedRAMP_High_R4 CP-2(3) FedRAMP_High_R4_CP-2(3) FedRAMP High CP-2 (3) Resume Essential Missions / Business Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance FedRAMP_High_R4 CP-2(4) FedRAMP_High_R4_CP-2(4) FedRAMP High CP-2 (4) Resume All Missions / Business Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance FedRAMP_High_R4 CP-2(5) FedRAMP_High_R4_CP-2(5) FedRAMP High CP-2 (5) Continue Essential Missions / Business Functions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance FedRAMP_High_R4 CP-2(8) FedRAMP_High_R4_CP-2(8) FedRAMP High CP-2 (8) Identify Critical Assets FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance FedRAMP_High_R4 CP-3 FedRAMP_High_R4_CP-3 FedRAMP High CP-3 Contingency Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance FedRAMP_High_R4 CP-3(1) FedRAMP_High_R4_CP-3(1) FedRAMP High CP-3 (1) Simulated Events FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance FedRAMP_High_R4 CP-4 FedRAMP_High_R4_CP-4 FedRAMP High CP-4 Contingency Plan Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance FedRAMP_High_R4 CP-4 FedRAMP_High_R4_CP-4 FedRAMP High CP-4 Contingency Plan Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance FedRAMP_High_R4 CP-4 FedRAMP_High_R4_CP-4 FedRAMP High CP-4 Contingency Plan Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_High_R4 CP-4(1) FedRAMP_High_R4_CP-4(1) FedRAMP High CP-4 (1) Coordinate With Related Plans FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance FedRAMP_High_R4 CP-4(2) FedRAMP_High_R4_CP-4(2) FedRAMP High CP-4 (2) Alternate Processing Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
60442979-6333-85f0-84c5-b887bac67448 Evaluate alternate processing site capabilities Regulatory Compliance FedRAMP_High_R4 CP-4(2) FedRAMP_High_R4_CP-4(2) FedRAMP High CP-4 (2) Alternate Processing Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL FedRAMP_High_R4 CP-6 FedRAMP_High_R4_CP-6 FedRAMP High CP-6 Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL FedRAMP_High_R4 CP-6(1) FedRAMP_High_R4_CP-6(1) FedRAMP High CP-6 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL FedRAMP_High_R4 CP-6(1) FedRAMP_High_R4_CP-6(1) FedRAMP High CP-6 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage FedRAMP_High_R4 CP-6(1) FedRAMP_High_R4_CP-6(1) FedRAMP High CP-6 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL FedRAMP_High_R4 CP-6(1) FedRAMP_High_R4_CP-6(1) FedRAMP High CP-6 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance FedRAMP_High_R4 CP-6(1) FedRAMP_High_R4_CP-6(1) FedRAMP High CP-6 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL FedRAMP_High_R4 CP-6(1) FedRAMP_High_R4_CP-6(1) FedRAMP High CP-6 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations Regulatory Compliance FedRAMP_High_R4 CP-6(2) FedRAMP_High_R4_CP-6(2) FedRAMP High CP-6 (2) Recovery Time / Point Objectives FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance FedRAMP_High_R4 CP-6(3) FedRAMP_High_R4_CP-6(3) FedRAMP High CP-6 (3) Accessibility FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_High_R4 CP-7 FedRAMP_High_R4_CP-7 FedRAMP High CP-7 Alternate Processing Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute FedRAMP_High_R4 CP-7 FedRAMP_High_R4_CP-7 FedRAMP High CP-7 Alternate Processing Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_High_R4 CP-7(1) FedRAMP_High_R4_CP-7(1) FedRAMP High CP-7 (1) Separation From Primary Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_High_R4 CP-7(2) FedRAMP_High_R4_CP-7(2) FedRAMP High CP-7 (2) Accessibility FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance FedRAMP_High_R4 CP-7(3) FedRAMP_High_R4_CP-7(3) FedRAMP High CP-7 (3) Priority Of Service FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_High_R4 CP-7(3) FedRAMP_High_R4_CP-7(3) FedRAMP High CP-7 (3) Priority Of Service FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0f31d98d-5ce2-705b-4aa5-b4f6705110dd Prepare alternate processing site for use as operational site Regulatory Compliance FedRAMP_High_R4 CP-7(4) FedRAMP_High_R4_CP-7(4) FedRAMP High CP-7 (4) Preparation For Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance FedRAMP_High_R4 CP-8(1) FedRAMP_High_R4_CP-8(1) FedRAMP High CP-8 (1) Priority Of Service Provisions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault FedRAMP_High_R4 CP-9 FedRAMP_High_R4_CP-9 FedRAMP High CP-9 Information System Backup FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance FedRAMP_High_R4 CP-9(3) FedRAMP_High_R4_CP-9(3) FedRAMP High CP-9 (3) Separate Storage For Critical Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance FedRAMP_High_R4 CP-9(5) FedRAMP_High_R4_CP-9(5) FedRAMP High CP-9 (5) Transfer To Alternate Storage Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance FedRAMP_High_R4 IA-1 FedRAMP_High_R4_IA-1 FedRAMP High IA-1 Identification And Authentication Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance FedRAMP_High_R4 IA-2 FedRAMP_High_R4_IA-2 FedRAMP High IA-2 Identification And Authentication (Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center FedRAMP_High_R4 IA-2(1) FedRAMP_High_R4_IA-2(1) FedRAMP High IA-2 (1) Network Access To Privileged Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center FedRAMP_High_R4 IA-2(1) FedRAMP_High_R4_IA-2(1) FedRAMP High IA-2 (1) Network Access To Privileged Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_High_R4 IA-2(1) FedRAMP_High_R4_IA-2(1) FedRAMP High IA-2 (1) Network Access To Privileged Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance FedRAMP_High_R4 IA-2(11) FedRAMP_High_R4_IA-2(11) FedRAMP High IA-2 (11) Remote Access - Separate Device FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_High_R4 IA-2(11) FedRAMP_High_R4_IA-2(11) FedRAMP High IA-2 (11) Remote Access - Separate Device FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance FedRAMP_High_R4 IA-2(12) FedRAMP_High_R4_IA-2(12) FedRAMP High IA-2 (12) Acceptance Of Piv Credentials FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_High_R4 IA-2(2) FedRAMP_High_R4_IA-2(2) FedRAMP High IA-2 (2) Network Access To Non-Privileged Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center FedRAMP_High_R4 IA-2(2) FedRAMP_High_R4_IA-2(2) FedRAMP High IA-2 (2) Network Access To Non-Privileged Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_High_R4 IA-2(3) FedRAMP_High_R4_IA-2(3) FedRAMP High IA-2 (3) Local Access To Privileged Accounts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance FedRAMP_High_R4 IA-2(5) FedRAMP_High_R4_IA-2(5) FedRAMP High IA-2 (5) Group Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_High_R4 IA-4 FedRAMP_High_R4_IA-4 FedRAMP High IA-4 Identifier Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users Regulatory Compliance FedRAMP_High_R4 IA-4(4) FedRAMP_High_R4_IA-4(4) FedRAMP High IA-4 (4) Identify User Status FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_High_R4 IA-5 FedRAMP_High_R4_IA-5 FedRAMP High IA-5 Authenticator Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_High_R4 IA-5(1) FedRAMP_High_R4_IA-5(1) FedRAMP High IA-5 (1) Password-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance FedRAMP_High_R4 IA-5(11) FedRAMP_High_R4_IA-5(11) FedRAMP High IA-5 (11) Hardware Token-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c7e8ddc1-14aa-1814-7fe1-aad1742b27da Enforce expiration of cached authenticators Regulatory Compliance FedRAMP_High_R4 IA-5(13) FedRAMP_High_R4_IA-5(13) FedRAMP High IA-5 (13) Expiration Of Cached Authenticators FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0065241c-72e9-3b2c-556f-75de66332a94 Establish parameters for searching secret authenticators and verifiers Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6f311b49-9b0d-8c67-3d6e-db80ae528173 Bind authenticators and identities dynamically Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4012c2b7-4e0e-a7ab-1688-4aab43f14420 Map authenticated identities to individuals Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance FedRAMP_High_R4 IA-5(2) FedRAMP_High_R4_IA-5(2) FedRAMP High IA-5 (2) Pki-Based Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance FedRAMP_High_R4 IA-5(3) FedRAMP_High_R4_IA-5(3) FedRAMP High IA-5 (3) In-Person Or Trusted Third-Party Registration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance FedRAMP_High_R4 IA-5(4) FedRAMP_High_R4_IA-5(4) FedRAMP High IA-5 (4) Automated Support For Password Strength Determination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance FedRAMP_High_R4 IA-5(4) FedRAMP_High_R4_IA-5(4) FedRAMP High IA-5 (4) Automated Support For Password Strength Determination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance FedRAMP_High_R4 IA-5(4) FedRAMP_High_R4_IA-5(4) FedRAMP High IA-5 (4) Automated Support For Password Strength Determination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance FedRAMP_High_R4 IA-5(6) FedRAMP_High_R4_IA-5(6) FedRAMP High IA-5 (6) Protection Of Authenticators FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance FedRAMP_High_R4 IA-5(7) FedRAMP_High_R4_IA-5(7) FedRAMP High IA-5 (7) No Embedded Unencrypted Static Authenticators FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance FedRAMP_High_R4 IA-6 FedRAMP_High_R4_IA-6 FedRAMP High IA-6 Authenticator Feedback FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance FedRAMP_High_R4 IA-7 FedRAMP_High_R4_IA-7 FedRAMP High IA-7 Cryptographic Module Authentication FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance FedRAMP_High_R4 IA-8 FedRAMP_High_R4_IA-8 FedRAMP High IA-8 Identification And Authentication (Non-Organizational Users) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55be3260-a7a2-3c06-7fe6-072d07525ab7 Accept PIV credentials Regulatory Compliance FedRAMP_High_R4 IA-8(1) FedRAMP_High_R4_IA-8(1) FedRAMP High IA-8 (1) Acceptance Of Piv Credentials From Other Agencies FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials Regulatory Compliance FedRAMP_High_R4 IA-8(2) FedRAMP_High_R4_IA-8(2) FedRAMP High IA-8 (2) Acceptance Of Third-Party Credentials FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
db8b35d6-8adb-3f51-44ff-c648ab5b1530 Employ FICAM-approved resources to accept third-party credentials Regulatory Compliance FedRAMP_High_R4 IA-8(3) FedRAMP_High_R4_IA-8(3) FedRAMP High IA-8 (3) Use Of Ficam-Approved Products FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles Regulatory Compliance FedRAMP_High_R4 IA-8(4) FedRAMP_High_R4_IA-8(4) FedRAMP High IA-8 (4) Use Of Ficam-Issued Profiles FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance FedRAMP_High_R4 IR-1 FedRAMP_High_R4_IR-1 FedRAMP High IR-1 Incident Response Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance FedRAMP_High_R4 IR-2 FedRAMP_High_R4_IR-2 FedRAMP High IR-2 Incident Response Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance FedRAMP_High_R4 IR-2(1) FedRAMP_High_R4_IR-2(1) FedRAMP High IR-2 (1) Simulated Events FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance FedRAMP_High_R4 IR-2(2) FedRAMP_High_R4_IR-2(2) FedRAMP High IR-2 (2) Automated Training Environments FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance FedRAMP_High_R4 IR-3 FedRAMP_High_R4_IR-3 FedRAMP High IR-3 Incident Response Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance FedRAMP_High_R4 IR-3 FedRAMP_High_R4_IR-3 FedRAMP High IR-3 Incident Response Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance FedRAMP_High_R4 IR-3 FedRAMP_High_R4_IR-3 FedRAMP High IR-3 Incident Response Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance FedRAMP_High_R4 IR-3(2) FedRAMP_High_R4_IR-3(2) FedRAMP High IR-3 (2) Coordination With Related Plans FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance FedRAMP_High_R4 IR-3(2) FedRAMP_High_R4_IR-3(2) FedRAMP High IR-3 (2) Coordination With Related Plans FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance FedRAMP_High_R4 IR-3(2) FedRAMP_High_R4_IR-3(2) FedRAMP High IR-3 (2) Coordination With Related Plans FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center FedRAMP_High_R4 IR-4 FedRAMP_High_R4_IR-4 FedRAMP High IR-4 Incident Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance FedRAMP_High_R4 IR-4(1) FedRAMP_High_R4_IR-4(1) FedRAMP High IR-4 (1) Automated Incident Handling Processes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_High_R4 IR-4(1) FedRAMP_High_R4_IR-4(1) FedRAMP High IR-4 (1) Automated Incident Handling Processes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_High_R4 IR-4(1) FedRAMP_High_R4_IR-4(1) FedRAMP High IR-4 (1) Automated Incident Handling Processes FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1e0d5ba8-a433-01aa-829c-86b06c9631ec Include dynamic reconfig of customer deployed resources Regulatory Compliance FedRAMP_High_R4 IR-4(2) FedRAMP_High_R4_IR-4(2) FedRAMP High IR-4 (2) Dynamic Reconfiguration FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance FedRAMP_High_R4 IR-4(3) FedRAMP_High_R4_IR-4(3) FedRAMP High IR-4 (3) Continuity Of Operations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_High_R4 IR-4(4) FedRAMP_High_R4_IR-4(4) FedRAMP High IR-4 (4) Information Correlation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance FedRAMP_High_R4 IR-4(6) FedRAMP_High_R4_IR-4(6) FedRAMP High IR-4 (6) Insider Threats - Specific Capabilities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective Regulatory Compliance FedRAMP_High_R4 IR-4(8) FedRAMP_High_R4_IR-4(8) FedRAMP High IR-4 (8) Correlation With External Organizations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 IR-5 FedRAMP_High_R4_IR-5 FedRAMP High IR-5 Incident Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance FedRAMP_High_R4 IR-6(1) FedRAMP_High_R4_IR-6(1) FedRAMP High IR-6 (1) Automated Reporting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance FedRAMP_High_R4 IR-7 FedRAMP_High_R4_IR-7 FedRAMP High IR-7 Incident Response Assistance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance FedRAMP_High_R4 IR-7(1) FedRAMP_High_R4_IR-7(1) FedRAMP High IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance FedRAMP_High_R4 IR-7(2) FedRAMP_High_R4_IR-7(2) FedRAMP High IR-7 (2) Coordination With External Providers FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance FedRAMP_High_R4 IR-7(2) FedRAMP_High_R4_IR-7(2) FedRAMP High IR-7 (2) Coordination With External Providers FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance FedRAMP_High_R4 IR-8 FedRAMP_High_R4_IR-8 FedRAMP High IR-8 Incident Response Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_High_R4 IR-8 FedRAMP_High_R4_IR-8 FedRAMP High IR-8 Incident Response Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance FedRAMP_High_R4 IR-8 FedRAMP_High_R4_IR-8 FedRAMP High IR-8 Incident Response Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance FedRAMP_High_R4 IR-8 FedRAMP_High_R4_IR-8 FedRAMP High IR-8 Incident Response Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance FedRAMP_High_R4 IR-8 FedRAMP_High_R4_IR-8 FedRAMP High IR-8 Incident Response Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_High_R4 IR-8 FedRAMP_High_R4_IR-8 FedRAMP High IR-8 Incident Response Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
279052a0-8238-694d-9661-bf649f951747 Identify contaminated systems and components Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22457e81-3ec6-5271-a786-c3ca284601dd Isolate information spills Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
69d90ee6-9f9f-262a-2038-d909fb4e5723 Identify spilled information Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance FedRAMP_High_R4 IR-9 FedRAMP_High_R4_IR-9 FedRAMP High IR-9 Information Spillage Response FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance FedRAMP_High_R4 IR-9(1) FedRAMP_High_R4_IR-9(1) FedRAMP High IR-9 (1) Responsible Personnel FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance FedRAMP_High_R4 IR-9(2) FedRAMP_High_R4_IR-9(2) FedRAMP High IR-9 (2) Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bb048641-6017-7272-7772-a008f285a520 Develop spillage response procedures Regulatory Compliance FedRAMP_High_R4 IR-9(3) FedRAMP_High_R4_IR-9(3) FedRAMP High IR-9 (3) Post-Spill Operations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance FedRAMP_High_R4 IR-9(4) FedRAMP_High_R4_IR-9(4) FedRAMP High IR-9 (4) Exposure To Unauthorized Personnel FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance FedRAMP_High_R4 MA-1 FedRAMP_High_R4_MA-1 FedRAMP High MA-1 System Maintenance Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-2 FedRAMP_High_R4_MA-2 FedRAMP High MA-2 Controlled Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MA-2 FedRAMP_High_R4_MA-2 FedRAMP High MA-2 Controlled Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MA-2 FedRAMP_High_R4_MA-2 FedRAMP High MA-2 Controlled Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_High_R4 MA-2 FedRAMP_High_R4_MA-2 FedRAMP High MA-2 Controlled Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance FedRAMP_High_R4 MA-2(2) FedRAMP_High_R4_MA-2(2) FedRAMP High MA-2 (2) Automated Maintenance Activities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance FedRAMP_High_R4 MA-2(2) FedRAMP_High_R4_MA-2(2) FedRAMP High MA-2 (2) Automated Maintenance Activities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-3 FedRAMP_High_R4_MA-3 FedRAMP High MA-3 Maintenance Tools FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_High_R4 MA-3 FedRAMP_High_R4_MA-3 FedRAMP High MA-3 Maintenance Tools FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-3(1) FedRAMP_High_R4_MA-3(1) FedRAMP High MA-3 (1) Inspect Tools FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_High_R4 MA-3(1) FedRAMP_High_R4_MA-3(1) FedRAMP High MA-3 (1) Inspect Tools FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-3(2) FedRAMP_High_R4_MA-3(2) FedRAMP High MA-3 (2) Inspect Media FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_High_R4 MA-3(2) FedRAMP_High_R4_MA-3(2) FedRAMP High MA-3 (2) Inspect Media FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-3(3) FedRAMP_High_R4_MA-3(3) FedRAMP High MA-3 (3) Prevent Unauthorized Removal FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MA-3(3) FedRAMP_High_R4_MA-3(3) FedRAMP High MA-3 (3) Prevent Unauthorized Removal FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_High_R4 MA-3(3) FedRAMP_High_R4_MA-3(3) FedRAMP High MA-3 (3) Prevent Unauthorized Removal FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MA-3(3) FedRAMP_High_R4_MA-3(3) FedRAMP High MA-3 (3) Prevent Unauthorized Removal FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-4 FedRAMP_High_R4_MA-4 FedRAMP High MA-4 Nonlocal Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_High_R4 MA-4(2) FedRAMP_High_R4_MA-4(2) FedRAMP High MA-4 (2) Document Nonlocal Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5bac5fb7-7735-357b-767d-02264bfe5c3b Perform all non-local maintenance Regulatory Compliance FedRAMP_High_R4 MA-4(3) FedRAMP_High_R4_MA-4(3) FedRAMP High MA-4 (3) Comparable Security / Sanitization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms Regulatory Compliance FedRAMP_High_R4 MA-4(6) FedRAMP_High_R4_MA-4(6) FedRAMP High MA-4 (6) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance FedRAMP_High_R4 MA-5 FedRAMP_High_R4_MA-5 FedRAMP High MA-5 Maintenance Personnel FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance FedRAMP_High_R4 MA-5 FedRAMP_High_R4_MA-5 FedRAMP High MA-5 Maintenance Personnel FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance FedRAMP_High_R4 MA-5 FedRAMP_High_R4_MA-5 FedRAMP High MA-5 Maintenance Personnel FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MA-5(1) FedRAMP_High_R4_MA-5(1) FedRAMP High MA-5 (1) Individuals Without Appropriate Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MA-5(1) FedRAMP_High_R4_MA-5(1) FedRAMP High MA-5 (1) Individuals Without Appropriate Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance FedRAMP_High_R4 MA-6 FedRAMP_High_R4_MA-6 FedRAMP High MA-6 Timely Maintenance FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance FedRAMP_High_R4 MP-1 FedRAMP_High_R4_MP-1 FedRAMP High MP-1 Media Protection Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-2 FedRAMP_High_R4_MP-2 FedRAMP High MP-2 Media Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-3 FedRAMP_High_R4_MP-3 FedRAMP High MP-3 Media Marking FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-4 FedRAMP_High_R4_MP-4 FedRAMP High MP-4 Media Storage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MP-4 FedRAMP_High_R4_MP-4 FedRAMP High MP-4 Media Storage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance FedRAMP_High_R4 MP-5 FedRAMP_High_R4_MP-5 FedRAMP High MP-5 Media Transport FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-5 FedRAMP_High_R4_MP-5 FedRAMP High MP-5 Media Transport FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-5(4) FedRAMP_High_R4_MP-5(4) FedRAMP High MP-5 (4) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance FedRAMP_High_R4 MP-5(4) FedRAMP_High_R4_MP-5(4) FedRAMP High MP-5 (4) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-6 FedRAMP_High_R4_MP-6 FedRAMP High MP-6 Media Sanitization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MP-6 FedRAMP_High_R4_MP-6 FedRAMP High MP-6 Media Sanitization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MP-6(1) FedRAMP_High_R4_MP-6(1) FedRAMP High MP-6 (1) Review / Approve / Track / Document / Verify FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-6(1) FedRAMP_High_R4_MP-6(1) FedRAMP High MP-6 (1) Review / Approve / Track / Document / Verify FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-6(2) FedRAMP_High_R4_MP-6(2) FedRAMP High MP-6 (2) Equipment Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_High_R4 MP-6(2) FedRAMP_High_R4_MP-6(2) FedRAMP High MP-6 (2) Equipment Testing FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance FedRAMP_High_R4 MP-7 FedRAMP_High_R4_MP-7 FedRAMP High MP-7 Media Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 MP-7 FedRAMP_High_R4_MP-7 FedRAMP High MP-7 Media Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-7 FedRAMP_High_R4_MP-7 FedRAMP High MP-7 Media Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance FedRAMP_High_R4 MP-7 FedRAMP_High_R4_MP-7 FedRAMP High MP-7 Media Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance FedRAMP_High_R4 MP-7(1) FedRAMP_High_R4_MP-7(1) FedRAMP High MP-7 (1) Prohibit Use Without Owner FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 MP-7(1) FedRAMP_High_R4_MP-7(1) FedRAMP High MP-7 (1) Prohibit Use Without Owner FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance FedRAMP_High_R4 MP-7(1) FedRAMP_High_R4_MP-7(1) FedRAMP High MP-7 (1) Prohibit Use Without Owner FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 MP-7(1) FedRAMP_High_R4_MP-7(1) FedRAMP High MP-7 (1) Prohibit Use Without Owner FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance FedRAMP_High_R4 PE-1 FedRAMP_High_R4_PE-1 FedRAMP High PE-1 Physical And Environmental Protection Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance FedRAMP_High_R4 PE-12 FedRAMP_High_R4_PE-12 FedRAMP High PE-12 Emergency Lighting FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-13 FedRAMP_High_R4_PE-13 FedRAMP High PE-13 Fire Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-13(1) FedRAMP_High_R4_PE-13(1) FedRAMP High PE-13 (1) Detection Devices / Systems FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance FedRAMP_High_R4 PE-13(1) FedRAMP_High_R4_PE-13(1) FedRAMP High PE-13 (1) Detection Devices / Systems FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance FedRAMP_High_R4 PE-13(1) FedRAMP_High_R4_PE-13(1) FedRAMP High PE-13 (1) Detection Devices / Systems FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-13(2) FedRAMP_High_R4_PE-13(2) FedRAMP High PE-13 (2) Suppression Devices / Systems FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-13(3) FedRAMP_High_R4_PE-13(3) FedRAMP High PE-13 (3) Automatic Fire Suppression FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-14 FedRAMP_High_R4_PE-14 FedRAMP High PE-14 Temperature And Humidity Controls FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance FedRAMP_High_R4 PE-14(2) FedRAMP_High_R4_PE-14(2) FedRAMP High PE-14 (2) Monitoring With Alarms / Notifications FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-14(2) FedRAMP_High_R4_PE-14(2) FedRAMP High PE-14 (2) Monitoring With Alarms / Notifications FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-15 FedRAMP_High_R4_PE-15 FedRAMP High PE-15 Water Damage Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance FedRAMP_High_R4 PE-16 FedRAMP_High_R4_PE-16 FedRAMP High PE-16 Delivery And Removal FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance FedRAMP_High_R4 PE-16 FedRAMP_High_R4_PE-16 FedRAMP High PE-16 Delivery And Removal FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance FedRAMP_High_R4 PE-17 FedRAMP_High_R4_PE-17 FedRAMP High PE-17 Alternate Work Site FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-18 FedRAMP_High_R4_PE-18 FedRAMP High PE-18 Location Of Information System Components FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_High_R4 PE-2 FedRAMP_High_R4_PE-2 FedRAMP High PE-2 Physical Access Authorizations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance FedRAMP_High_R4 PE-3 FedRAMP_High_R4_PE-3 FedRAMP High PE-3 Physical Access Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_High_R4 PE-3 FedRAMP_High_R4_PE-3 FedRAMP High PE-3 Physical Access Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-3 FedRAMP_High_R4_PE-3 FedRAMP High PE-3 Physical Access Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance FedRAMP_High_R4 PE-3 FedRAMP_High_R4_PE-3 FedRAMP High PE-3 Physical Access Control FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-4 FedRAMP_High_R4_PE-4 FedRAMP High PE-4 Access Control For Transmission Medium FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_High_R4 PE-4 FedRAMP_High_R4_PE-4 FedRAMP High PE-4 Access Control For Transmission Medium FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance FedRAMP_High_R4 PE-5 FedRAMP_High_R4_PE-5 FedRAMP High PE-5 Access Control For Output Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-5 FedRAMP_High_R4_PE-5 FedRAMP High PE-5 Access Control For Output Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_High_R4 PE-5 FedRAMP_High_R4_PE-5 FedRAMP High PE-5 Access Control For Output Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance FedRAMP_High_R4 PE-6(1) FedRAMP_High_R4_PE-6(1) FedRAMP High PE-6 (1) Intrusion Alarms / Surveillance Equipment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance FedRAMP_High_R4 PE-6(1) FedRAMP_High_R4_PE-6(1) FedRAMP High PE-6 (1) Intrusion Alarms / Surveillance Equipment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_High_R4 PE-8 FedRAMP_High_R4_PE-8 FedRAMP High PE-8 Visitor Access Records FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_High_R4 PE-8 FedRAMP_High_R4_PE-8 FedRAMP High PE-8 Visitor Access Records FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance FedRAMP_High_R4 PL-1 FedRAMP_High_R4_PL-1 FedRAMP High PL-1 Security Planning Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance FedRAMP_High_R4 PL-2 FedRAMP_High_R4_PL-2 FedRAMP High PL-2 System Security Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance FedRAMP_High_R4 PL-2 FedRAMP_High_R4_PL-2 FedRAMP High PL-2 System Security Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance FedRAMP_High_R4 PL-2 FedRAMP_High_R4_PL-2 FedRAMP High PL-2 System Security Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance FedRAMP_High_R4 PL-2 FedRAMP_High_R4_PL-2 FedRAMP High PL-2 System Security Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance FedRAMP_High_R4 PL-2 FedRAMP_High_R4_PL-2 FedRAMP High PL-2 System Security Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance FedRAMP_High_R4 PL-2 FedRAMP_High_R4_PL-2 FedRAMP High PL-2 System Security Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance FedRAMP_High_R4 PL-2(3) FedRAMP_High_R4_PL-2(3) FedRAMP High PL-2 (3) Plan / Coordinate With Other Organizational Entities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance FedRAMP_High_R4 PL-2(3) FedRAMP_High_R4_PL-2(3) FedRAMP High PL-2 (3) Plan / Coordinate With Other Organizational Entities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance FedRAMP_High_R4 PL-2(3) FedRAMP_High_R4_PL-2(3) FedRAMP High PL-2 (3) Plan / Coordinate With Other Organizational Entities FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance FedRAMP_High_R4 PL-4 FedRAMP_High_R4_PL-4 FedRAMP High PL-4 Rules Of Behavior FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance FedRAMP_High_R4 PL-4(1) FedRAMP_High_R4_PL-4(1) FedRAMP High PL-4 (1) Social Media And Networking Restrictions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance FedRAMP_High_R4 PL-8 FedRAMP_High_R4_PL-8 FedRAMP High PL-8 Information Security Architecture FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance FedRAMP_High_R4 PL-8 FedRAMP_High_R4_PL-8 FedRAMP High PL-8 Information Security Architecture FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance FedRAMP_High_R4 PS-1 FedRAMP_High_R4_PS-1 FedRAMP High PS-1 Personnel Security Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations Regulatory Compliance FedRAMP_High_R4 PS-2 FedRAMP_High_R4_PS-2 FedRAMP High PS-2 Position Risk Designation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance FedRAMP_High_R4 PS-3 FedRAMP_High_R4_PS-3 FedRAMP High PS-3 Personnel Screening FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance FedRAMP_High_R4 PS-3 FedRAMP_High_R4_PS-3 FedRAMP High PS-3 Personnel Screening FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance FedRAMP_High_R4 PS-3 FedRAMP_High_R4_PS-3 FedRAMP High PS-3 Personnel Screening FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance FedRAMP_High_R4 PS-3(3) FedRAMP_High_R4_PS-3(3) FedRAMP High PS-3 (3) Information With Special Protection Measures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance FedRAMP_High_R4 PS-4 FedRAMP_High_R4_PS-4 FedRAMP High PS-4 Personnel Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance FedRAMP_High_R4 PS-4 FedRAMP_High_R4_PS-4 FedRAMP High PS-4 Personnel Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance FedRAMP_High_R4 PS-4 FedRAMP_High_R4_PS-4 FedRAMP High PS-4 Personnel Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance FedRAMP_High_R4 PS-4 FedRAMP_High_R4_PS-4 FedRAMP High PS-4 Personnel Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance FedRAMP_High_R4 PS-4 FedRAMP_High_R4_PS-4 FedRAMP High PS-4 Personnel Termination FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
729c8708-2bec-093c-8427-2e87d2cd426d Automate notification of employee termination Regulatory Compliance FedRAMP_High_R4 PS-4(2) FedRAMP_High_R4_PS-4(2) FedRAMP High PS-4 (2) Automated Notification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance FedRAMP_High_R4 PS-5 FedRAMP_High_R4_PS-5 FedRAMP High PS-5 Personnel Transfer FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance FedRAMP_High_R4 PS-5 FedRAMP_High_R4_PS-5 FedRAMP High PS-5 Personnel Transfer FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance FedRAMP_High_R4 PS-5 FedRAMP_High_R4_PS-5 FedRAMP High PS-5 Personnel Transfer FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance FedRAMP_High_R4 PS-5 FedRAMP_High_R4_PS-5 FedRAMP High PS-5 Personnel Transfer FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance FedRAMP_High_R4 PS-6 FedRAMP_High_R4_PS-6 FedRAMP High PS-6 Access Agreements FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance FedRAMP_High_R4 PS-6 FedRAMP_High_R4_PS-6 FedRAMP High PS-6 Access Agreements FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance FedRAMP_High_R4 PS-6 FedRAMP_High_R4_PS-6 FedRAMP High PS-6 Access Agreements FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance FedRAMP_High_R4 PS-6 FedRAMP_High_R4_PS-6 FedRAMP High PS-6 Access Agreements FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance FedRAMP_High_R4 PS-6 FedRAMP_High_R4_PS-6 FedRAMP High PS-6 Access Agreements FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance FedRAMP_High_R4 PS-7 FedRAMP_High_R4_PS-7 FedRAMP High PS-7 Third-Party Personnel Security FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance FedRAMP_High_R4 PS-7 FedRAMP_High_R4_PS-7 FedRAMP High PS-7 Third-Party Personnel Security FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance FedRAMP_High_R4 PS-7 FedRAMP_High_R4_PS-7 FedRAMP High PS-7 Third-Party Personnel Security FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance FedRAMP_High_R4 PS-7 FedRAMP_High_R4_PS-7 FedRAMP High PS-7 Third-Party Personnel Security FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance FedRAMP_High_R4 PS-7 FedRAMP_High_R4_PS-7 FedRAMP High PS-7 Third-Party Personnel Security FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance FedRAMP_High_R4 PS-8 FedRAMP_High_R4_PS-8 FedRAMP High PS-8 Personnel Sanctions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance FedRAMP_High_R4 PS-8 FedRAMP_High_R4_PS-8 FedRAMP High PS-8 Personnel Sanctions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance FedRAMP_High_R4 RA-1 FedRAMP_High_R4_RA-1 FedRAMP High RA-1 Risk Assessment Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance FedRAMP_High_R4 RA-2 FedRAMP_High_R4_RA-2 FedRAMP High RA-2 Security Categorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance FedRAMP_High_R4 RA-2 FedRAMP_High_R4_RA-2 FedRAMP High RA-2 Security Categorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance FedRAMP_High_R4 RA-2 FedRAMP_High_R4_RA-2 FedRAMP High RA-2 Security Categorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance FedRAMP_High_R4 RA-2 FedRAMP_High_R4_RA-2 FedRAMP High RA-2 Security Categorization FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance FedRAMP_High_R4 RA-3 FedRAMP_High_R4_RA-3 FedRAMP High RA-3 Risk Assessment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance FedRAMP_High_R4 RA-3 FedRAMP_High_R4_RA-3 FedRAMP High RA-3 Risk Assessment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance FedRAMP_High_R4 RA-3 FedRAMP_High_R4_RA-3 FedRAMP High RA-3 Risk Assessment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance FedRAMP_High_R4 RA-3 FedRAMP_High_R4_RA-3 FedRAMP High RA-3 Risk Assessment FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 RA-5 FedRAMP_High_R4_RA-5 FedRAMP High RA-5 Vulnerability Scanning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 RA-5(1) FedRAMP_High_R4_RA-5(1) FedRAMP High RA-5 (1) Update Tool Capability FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 RA-5(1) FedRAMP_High_R4_RA-5(1) FedRAMP High RA-5 (1) Update Tool Capability FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance FedRAMP_High_R4 RA-5(10) FedRAMP_High_R4_RA-5(10) FedRAMP High RA-5 (10) Correlate Scanning Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 RA-5(2) FedRAMP_High_R4_RA-5(2) FedRAMP High RA-5 (2) Update By Frequency / Prior To New Scan / When Identified FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 RA-5(2) FedRAMP_High_R4_RA-5(2) FedRAMP High RA-5 (2) Update By Frequency / Prior To New Scan / When Identified FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 RA-5(3) FedRAMP_High_R4_RA-5(3) FedRAMP High RA-5 (3) Breadth / Depth Of Coverage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 RA-5(3) FedRAMP_High_R4_RA-5(3) FedRAMP High RA-5 (3) Breadth / Depth Of Coverage FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d25cbded-121e-0ed6-1857-dc698c9095b1 Take action in response to customer information Regulatory Compliance FedRAMP_High_R4 RA-5(4) FedRAMP_High_R4_RA-5(4) FedRAMP High RA-5 (4) Discoverable Information FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance FedRAMP_High_R4 RA-5(5) FedRAMP_High_R4_RA-5(5) FedRAMP High RA-5 (5) Privileged Access FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance FedRAMP_High_R4 RA-5(6) FedRAMP_High_R4_RA-5(6) FedRAMP High RA-5 (6) Automated Trend Analyses FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 RA-5(6) FedRAMP_High_R4_RA-5(6) FedRAMP High RA-5 (6) Automated Trend Analyses FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 RA-5(6) FedRAMP_High_R4_RA-5(6) FedRAMP High RA-5 (6) Automated Trend Analyses FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 RA-5(6) FedRAMP_High_R4_RA-5(6) FedRAMP High RA-5 (6) Automated Trend Analyses FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance FedRAMP_High_R4 RA-5(6) FedRAMP_High_R4_RA-5(6) FedRAMP High RA-5 (6) Automated Trend Analyses FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_High_R4 RA-5(8) FedRAMP_High_R4_RA-5(8) FedRAMP High RA-5 (8) Review Historic Audit Logs FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance FedRAMP_High_R4 SA-1 FedRAMP_High_R4_SA-1 FedRAMP High SA-1 System And Services Acquisition Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance FedRAMP_High_R4 SA-10 FedRAMP_High_R4_SA-10 FedRAMP High SA-10 Developer Configuration Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_High_R4 SA-10(1) FedRAMP_High_R4_SA-10(1) FedRAMP High SA-10 (1) Software / Firmware Integrity Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance FedRAMP_High_R4 SA-11 FedRAMP_High_R4_SA-11 FedRAMP High SA-11 Developer Security Testing And Evaluation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 SA-11 FedRAMP_High_R4_SA-11 FedRAMP High SA-11 Developer Security Testing And Evaluation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 SA-11 FedRAMP_High_R4_SA-11 FedRAMP High SA-11 Developer Security Testing And Evaluation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance FedRAMP_High_R4 SA-12 FedRAMP_High_R4_SA-12 FedRAMP High SA-12 Supply Chain Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance FedRAMP_High_R4 SA-12 FedRAMP_High_R4_SA-12 FedRAMP High SA-12 Supply Chain Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance FedRAMP_High_R4 SA-12 FedRAMP_High_R4_SA-12 FedRAMP High SA-12 Supply Chain Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance FedRAMP_High_R4 SA-12 FedRAMP_High_R4_SA-12 FedRAMP High SA-12 Supply Chain Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance FedRAMP_High_R4 SA-15 FedRAMP_High_R4_SA-15 FedRAMP High SA-15 Development Process, Standards, And Tools FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
676c3c35-3c36-612c-9523-36d266a65000 Require developers to provide training Regulatory Compliance FedRAMP_High_R4 SA-16 FedRAMP_High_R4_SA-16 FedRAMP High SA-16 Developer-Provided Training FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance FedRAMP_High_R4 SA-17 FedRAMP_High_R4_SA-17 FedRAMP High SA-17 Developer Security Architecture And Design FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance FedRAMP_High_R4 SA-17 FedRAMP_High_R4_SA-17 FedRAMP High SA-17 Developer Security Architecture And Design FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance FedRAMP_High_R4 SA-17 FedRAMP_High_R4_SA-17 FedRAMP High SA-17 Developer Security Architecture And Design FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance FedRAMP_High_R4 SA-2 FedRAMP_High_R4_SA-2 FedRAMP High SA-2 Allocation Of Resources FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance FedRAMP_High_R4 SA-2 FedRAMP_High_R4_SA-2 FedRAMP High SA-2 Allocation Of Resources FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance FedRAMP_High_R4 SA-2 FedRAMP_High_R4_SA-2 FedRAMP High SA-2 Allocation Of Resources FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance FedRAMP_High_R4 SA-2 FedRAMP_High_R4_SA-2 FedRAMP High SA-2 Allocation Of Resources FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance FedRAMP_High_R4 SA-2 FedRAMP_High_R4_SA-2 FedRAMP High SA-2 Allocation Of Resources FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance FedRAMP_High_R4 SA-2 FedRAMP_High_R4_SA-2 FedRAMP High SA-2 Allocation Of Resources FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance FedRAMP_High_R4 SA-3 FedRAMP_High_R4_SA-3 FedRAMP High SA-3 System Development Life Cycle FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance FedRAMP_High_R4 SA-3 FedRAMP_High_R4_SA-3 FedRAMP High SA-3 System Development Life Cycle FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance FedRAMP_High_R4 SA-3 FedRAMP_High_R4_SA-3 FedRAMP High SA-3 System Development Life Cycle FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance FedRAMP_High_R4 SA-4 FedRAMP_High_R4_SA-4 FedRAMP High SA-4 Acquisition Process FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance FedRAMP_High_R4 SA-4(1) FedRAMP_High_R4_SA-4(1) FedRAMP High SA-4 (1) Functional Properties Of Security Controls FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b333332-6efd-7c0d-5a9f-d1eb95105214 Employ FIPS 201-approved technology for PIV Regulatory Compliance FedRAMP_High_R4 SA-4(10) FedRAMP_High_R4_SA-4(10) FedRAMP High SA-4 (10) Use Of Approved Piv Products FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance FedRAMP_High_R4 SA-4(2) FedRAMP_High_R4_SA-4(2) FedRAMP High SA-4 (2) Design / Implementation Information For Security Controls FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca6d7878-3189-1833-4620-6c7254ed1607 Obtain continuous monitoring plan for security controls Regulatory Compliance FedRAMP_High_R4 SA-4(8) FedRAMP_High_R4_SA-4(8) FedRAMP High SA-4 (8) Continuous Monitoring Plan FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance FedRAMP_High_R4 SA-4(9) FedRAMP_High_R4_SA-4(9) FedRAMP High SA-4 (9) Functions / Ports / Protocols / Services In Use FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance FedRAMP_High_R4 SA-5 FedRAMP_High_R4_SA-5 FedRAMP High SA-5 Information System Documentation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance FedRAMP_High_R4 SA-5 FedRAMP_High_R4_SA-5 FedRAMP High SA-5 Information System Documentation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance FedRAMP_High_R4 SA-5 FedRAMP_High_R4_SA-5 FedRAMP High SA-5 Information System Documentation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance FedRAMP_High_R4 SA-5 FedRAMP_High_R4_SA-5 FedRAMP High SA-5 Information System Documentation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance FedRAMP_High_R4 SA-5 FedRAMP_High_R4_SA-5 FedRAMP High SA-5 Information System Documentation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance FedRAMP_High_R4 SA-9 FedRAMP_High_R4_SA-9 FedRAMP High SA-9 External Information System Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance FedRAMP_High_R4 SA-9 FedRAMP_High_R4_SA-9 FedRAMP High SA-9 External Information System Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance FedRAMP_High_R4 SA-9 FedRAMP_High_R4_SA-9 FedRAMP High SA-9 External Information System Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance FedRAMP_High_R4 SA-9 FedRAMP_High_R4_SA-9 FedRAMP High SA-9 External Information System Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing Regulatory Compliance FedRAMP_High_R4 SA-9(1) FedRAMP_High_R4_SA-9(1) FedRAMP High SA-9 (1) Risk Assessments / Organizational Approvals FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance FedRAMP_High_R4 SA-9(1) FedRAMP_High_R4_SA-9(1) FedRAMP High SA-9 (1) Risk Assessments / Organizational Approvals FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance FedRAMP_High_R4 SA-9(2) FedRAMP_High_R4_SA-9(2) FedRAMP High SA-9 (2) Identification Of Functions / Ports / Protocols / Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance FedRAMP_High_R4 SA-9(4) FedRAMP_High_R4_SA-9(4) FedRAMP High SA-9 (4) Consistent Interests Of Consumers And Providers FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0040d2e5-2779-170d-6a2c-1f5fca353335 Restrict location of information processing, storage and services Regulatory Compliance FedRAMP_High_R4 SA-9(5) FedRAMP_High_R4_SA-9(5) FedRAMP High SA-9 (5) Processing, Storage, And Service Location FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance FedRAMP_High_R4 SC-1 FedRAMP_High_R4_SC-1 FedRAMP High SC-1 System And Communications Protection Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance FedRAMP_High_R4 SC-10 FedRAMP_High_R4_SC-10 FedRAMP High SC-10 Network Disconnect FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 Cryptographic Key Establishment And Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance FedRAMP_High_R4 SC-12(1) FedRAMP_High_R4_SC-12(1) FedRAMP High SC-12 (1) Availability FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance FedRAMP_High_R4 SC-12(2) FedRAMP_High_R4_SC-12(2) FedRAMP High SC-12 (2) Symmetric Keys FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance FedRAMP_High_R4 SC-12(3) FedRAMP_High_R4_SC-12(3) FedRAMP High SC-12 (3) Asymmetric Keys FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance FedRAMP_High_R4 SC-13 FedRAMP_High_R4_SC-13 FedRAMP High SC-13 Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance FedRAMP_High_R4 SC-15 FedRAMP_High_R4_SC-15 FedRAMP High SC-15 Collaborative Computing Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance FedRAMP_High_R4 SC-15 FedRAMP_High_R4_SC-15 FedRAMP High SC-15 Collaborative Computing Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance FedRAMP_High_R4 SC-17 FedRAMP_High_R4_SC-17 FedRAMP High SC-17 Public Key Infrastructure Certificates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance FedRAMP_High_R4 SC-18 FedRAMP_High_R4_SC-18 FedRAMP High SC-18 Mobile Code FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance FedRAMP_High_R4 SC-18 FedRAMP_High_R4_SC-18 FedRAMP High SC-18 Mobile Code FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance FedRAMP_High_R4 SC-18 FedRAMP_High_R4_SC-18 FedRAMP High SC-18 Mobile Code FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
68a39c2b-0f17-69ee-37a3-aa10f9853a08 Establish voip usage restrictions Regulatory Compliance FedRAMP_High_R4 SC-19 FedRAMP_High_R4_SC-19 FedRAMP High SC-19 Voice Over Internet Protocol FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance FedRAMP_High_R4 SC-19 FedRAMP_High_R4_SC-19 FedRAMP High SC-19 Voice Over Internet Protocol FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance FedRAMP_High_R4 SC-2 FedRAMP_High_R4_SC-2 FedRAMP High SC-2 Application Partitioning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance FedRAMP_High_R4 SC-2 FedRAMP_High_R4_SC-2 FedRAMP High SC-2 Application Partitioning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance FedRAMP_High_R4 SC-2 FedRAMP_High_R4_SC-2 FedRAMP High SC-2 Application Partitioning FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance FedRAMP_High_R4 SC-20 FedRAMP_High_R4_SC-20 FedRAMP High SC-20 Secure Name / Address Resolution Service (Authoritative Source) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance FedRAMP_High_R4 SC-20 FedRAMP_High_R4_SC-20 FedRAMP High SC-20 Secure Name / Address Resolution Service (Authoritative Source) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance FedRAMP_High_R4 SC-21 FedRAMP_High_R4_SC-21 FedRAMP High SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_High_R4 SC-21 FedRAMP_High_R4_SC-21 FedRAMP High SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance FedRAMP_High_R4 SC-22 FedRAMP_High_R4_SC-22 FedRAMP High SC-22 Architecture And Provisioning For Name / Address Resolution Service FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance FedRAMP_High_R4 SC-23 FedRAMP_High_R4_SC-23 FedRAMP High SC-23 Session Authenticity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance FedRAMP_High_R4 SC-23 FedRAMP_High_R4_SC-23 FedRAMP High SC-23 Session Authenticity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
396f465d-375e-57de-58ba-021adb008191 Invalidate session identifiers at logout Regulatory Compliance FedRAMP_High_R4 SC-23(1) FedRAMP_High_R4_SC-23(1) FedRAMP High SC-23 (1) Invalidate Session Identifiers At Logout FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance FedRAMP_High_R4 SC-24 FedRAMP_High_R4_SC-24 FedRAMP High SC-24 Fail In Known State FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric FedRAMP_High_R4 SC-28 FedRAMP_High_R4_SC-28 FedRAMP High SC-28 Protection Of Information At Rest FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_High_R4 SC-28(1) FedRAMP_High_R4_SC-28(1) FedRAMP High SC-28 (1) Cryptographic Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_High_R4 SC-3 FedRAMP_High_R4_SC-3 FedRAMP High SC-3 Security Function Isolation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 SC-3 FedRAMP_High_R4_SC-3 FedRAMP High SC-3 Security Function Isolation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center FedRAMP_High_R4 SC-3 FedRAMP_High_R4_SC-3 FedRAMP High SC-3 Security Function Isolation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center FedRAMP_High_R4 SC-3 FedRAMP_High_R4_SC-3 FedRAMP High SC-3 Security Function Isolation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes Regulatory Compliance FedRAMP_High_R4 SC-39 FedRAMP_High_R4_SC-39 FedRAMP High SC-39 Process Isolation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FedRAMP_High_R4 SC-5 FedRAMP_High_R4_SC-5 FedRAMP High SC-5 Denial Of Service Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center FedRAMP_High_R4 SC-5 FedRAMP_High_R4_SC-5 FedRAMP High SC-5 Denial Of Service Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_High_R4 SC-5 FedRAMP_High_R4_SC-5 FedRAMP High SC-5 Denial Of Service Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b7306e73-0494-83a2-31f5-280e934a8f70 Develop and document a DDoS response plan Regulatory Compliance FedRAMP_High_R4 SC-5 FedRAMP_High_R4_SC-5 FedRAMP High SC-5 Denial Of Service Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FedRAMP_High_R4 SC-5 FedRAMP_High_R4_SC-5 FedRAMP High SC-5 Denial Of Service Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity Regulatory Compliance FedRAMP_High_R4 SC-6 FedRAMP_High_R4_SC-6 FedRAMP High SC-6 Resource Availability FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance FedRAMP_High_R4 SC-6 FedRAMP_High_R4_SC-6 FedRAMP High SC-6 Resource Availability FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance FedRAMP_High_R4 SC-6 FedRAMP_High_R4_SC-6 FedRAMP High SC-6 Resource Availability FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage FedRAMP_High_R4 SC-7 FedRAMP_High_R4_SC-7 FedRAMP High SC-7 Boundary Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_High_R4 SC-7(12) FedRAMP_High_R4_SC-7(12) FedRAMP High SC-7 (12) Host-Based Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance FedRAMP_High_R4 SC-7(13) FedRAMP_High_R4_SC-7(13) FedRAMP High SC-7 (13) Isolation Of Security Tools / Mechanisms / Support Components FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df54d34f-65f3-39f1-103c-a0464b8615df Manage transfers between standby and active system components Regulatory Compliance FedRAMP_High_R4 SC-7(18) FedRAMP_High_R4_SC-7(18) FedRAMP High SC-7 (18) Fail Secure FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_High_R4 SC-7(18) FedRAMP_High_R4_SC-7(18) FedRAMP High SC-7 (18) Fail Secure FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
83eea3d3-0d2c-9ccd-1021-2111b29b2a62 Ensure system capable of dynamic isolation of resources Regulatory Compliance FedRAMP_High_R4 SC-7(20) FedRAMP_High_R4_SC-7(20) FedRAMP High SC-7 (20) Dynamic Isolation / Segregation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance FedRAMP_High_R4 SC-7(21) FedRAMP_High_R4_SC-7(21) FedRAMP High SC-7 (21) Isolation Of Information System Components FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center FedRAMP_High_R4 SC-7(3) FedRAMP_High_R4_SC-7(3) FedRAMP High SC-7 (3) Access Points FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance FedRAMP_High_R4 SC-7(4) FedRAMP_High_R4_SC-7(4) FedRAMP High SC-7 (4) External Telecommunications Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance FedRAMP_High_R4 SC-7(4) FedRAMP_High_R4_SC-7(4) FedRAMP High SC-7 (4) External Telecommunications Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_High_R4 SC-7(4) FedRAMP_High_R4_SC-7(4) FedRAMP High SC-7 (4) External Telecommunications Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance FedRAMP_High_R4 SC-7(7) FedRAMP_High_R4_SC-7(7) FedRAMP High SC-7 (7) Prevent Split Tunneling For Remote Devices FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance FedRAMP_High_R4 SC-7(8) FedRAMP_High_R4_SC-7(8) FedRAMP High SC-7 (8) Route Traffic To Authenticated Proxy Servers FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL FedRAMP_High_R4 SC-8 FedRAMP_High_R4_SC-8 FedRAMP High SC-8 Transmission Confidentiality And Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration FedRAMP_High_R4 SC-8(1) FedRAMP_High_R4_SC-8(1) FedRAMP High SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance FedRAMP_High_R4 SI-1 FedRAMP_High_R4_SI-1 FedRAMP High SI-1 System And Information Integrity Policy And Procedures FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance FedRAMP_High_R4 SI-10 FedRAMP_High_R4_SI-10 FedRAMP High SI-10 Information Input Validation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance FedRAMP_High_R4 SI-11 FedRAMP_High_R4_SI-11 FedRAMP High SI-11 Error Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance FedRAMP_High_R4 SI-11 FedRAMP_High_R4_SI-11 FedRAMP High SI-11 Error Handling FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_High_R4 SI-12 FedRAMP_High_R4_SI-12 FedRAMP High SI-12 Information Handling And Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance FedRAMP_High_R4 SI-12 FedRAMP_High_R4_SI-12 FedRAMP High SI-12 Information Handling And Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance FedRAMP_High_R4 SI-12 FedRAMP_High_R4_SI-12 FedRAMP High SI-12 Information Handling And Retention FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_High_R4 SI-16 FedRAMP_High_R4_SI-16 FedRAMP High SI-16 Memory Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 SI-16 FedRAMP_High_R4_SI-16 FedRAMP High SI-16 Memory Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance FedRAMP_High_R4 SI-2 FedRAMP_High_R4_SI-2 FedRAMP High SI-2 Flaw Remediation FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance FedRAMP_High_R4 SI-2(2) FedRAMP_High_R4_SI-2(2) FedRAMP High SI-2 (2) Automated Flaw Remediation Status FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_High_R4 SI-2(2) FedRAMP_High_R4_SI-2(2) FedRAMP High SI-2 (2) Automated Flaw Remediation Status FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation Regulatory Compliance FedRAMP_High_R4 SI-2(3) FedRAMP_High_R4_SI-2(3) FedRAMP High SI-2 (3) Time To Remediate Flaws / Benchmarks For Corrective Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation Regulatory Compliance FedRAMP_High_R4 SI-2(3) FedRAMP_High_R4_SI-2(3) FedRAMP High SI-2 (3) Time To Remediate Flaws / Benchmarks For Corrective Actions FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 SI-3 FedRAMP_High_R4_SI-3 FedRAMP High SI-3 Malicious Code Protection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 SI-3(1) FedRAMP_High_R4_SI-3(1) FedRAMP High SI-3 (1) Central Management FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 SI-3(2) FedRAMP_High_R4_SI-3(2) FedRAMP High SI-3 (2) Automatic Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_High_R4 SI-3(2) FedRAMP_High_R4_SI-3(2) FedRAMP High SI-3 (2) Automatic Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_High_R4 SI-3(2) FedRAMP_High_R4_SI-3(2) FedRAMP High SI-3 (2) Automatic Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_High_R4 SI-3(2) FedRAMP_High_R4_SI-3(2) FedRAMP High SI-3 (2) Automatic Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 SI-3(2) FedRAMP_High_R4_SI-3(2) FedRAMP High SI-3 (2) Automatic Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 SI-3(2) FedRAMP_High_R4_SI-3(2) FedRAMP High SI-3 (2) Automatic Updates FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_High_R4 SI-3(7) FedRAMP_High_R4_SI-3(7) FedRAMP High SI-3 (7) Nonsignature-Based Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_High_R4 SI-3(7) FedRAMP_High_R4_SI-3(7) FedRAMP High SI-3 (7) Nonsignature-Based Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_High_R4 SI-3(7) FedRAMP_High_R4_SI-3(7) FedRAMP High SI-3 (7) Nonsignature-Based Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_High_R4 SI-3(7) FedRAMP_High_R4_SI-3(7) FedRAMP High SI-3 (7) Nonsignature-Based Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 SI-3(7) FedRAMP_High_R4_SI-3(7) FedRAMP High SI-3 (7) Nonsignature-Based Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_High_R4 SI-3(7) FedRAMP_High_R4_SI-3(7) FedRAMP High SI-3 (7) Nonsignature-Based Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_High_R4 SI-4 FedRAMP_High_R4_SI-4 FedRAMP High SI-4 Information System Monitoring FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance FedRAMP_High_R4 SI-4(14) FedRAMP_High_R4_SI-4(14) FedRAMP High SI-4 (14) Wireless Intrusion Detection FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance FedRAMP_High_R4 SI-4(2) FedRAMP_High_R4_SI-4(2) FedRAMP High SI-4 (2) Automated Tools For Real-Time Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance FedRAMP_High_R4 SI-4(2) FedRAMP_High_R4_SI-4(2) FedRAMP High SI-4 (2) Automated Tools For Real-Time Analysis FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance FedRAMP_High_R4 SI-4(22) FedRAMP_High_R4_SI-4(22) FedRAMP High SI-4 (22) Unauthorized Network Services FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance FedRAMP_High_R4 SI-4(24) FedRAMP_High_R4_SI-4(24) FedRAMP High SI-4 (24) Indicators Of Compromise FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_High_R4 SI-4(4) FedRAMP_High_R4_SI-4(4) FedRAMP High SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance FedRAMP_High_R4 SI-4(4) FedRAMP_High_R4_SI-4(4) FedRAMP High SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_High_R4 SI-4(4) FedRAMP_High_R4_SI-4(4) FedRAMP High SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance FedRAMP_High_R4 SI-4(4) FedRAMP_High_R4_SI-4(4) FedRAMP High SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_High_R4 SI-4(5) FedRAMP_High_R4_SI-4(5) FedRAMP High SI-4 (5) System-Generated Alerts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance FedRAMP_High_R4 SI-4(5) FedRAMP_High_R4_SI-4(5) FedRAMP High SI-4 (5) System-Generated Alerts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance FedRAMP_High_R4 SI-4(5) FedRAMP_High_R4_SI-4(5) FedRAMP High SI-4 (5) System-Generated Alerts FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance FedRAMP_High_R4 SI-5 FedRAMP_High_R4_SI-5 FedRAMP High SI-5 Security Alerts, Advisories, And Directives FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance FedRAMP_High_R4 SI-5 FedRAMP_High_R4_SI-5 FedRAMP High SI-5 Security Alerts, Advisories, And Directives FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance FedRAMP_High_R4 SI-5 FedRAMP_High_R4_SI-5 FedRAMP High SI-5 Security Alerts, Advisories, And Directives FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance FedRAMP_High_R4 SI-5 FedRAMP_High_R4_SI-5 FedRAMP High SI-5 Security Alerts, Advisories, And Directives FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance FedRAMP_High_R4 SI-5(1) FedRAMP_High_R4_SI-5(1) FedRAMP High SI-5 (1) Automated Alerts And Advisories FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance FedRAMP_High_R4 SI-6 FedRAMP_High_R4_SI-6 FedRAMP High SI-6 Security Function Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance FedRAMP_High_R4 SI-6 FedRAMP_High_R4_SI-6 FedRAMP High SI-6 Security Function Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance FedRAMP_High_R4 SI-6 FedRAMP_High_R4_SI-6 FedRAMP High SI-6 Security Function Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance FedRAMP_High_R4 SI-6 FedRAMP_High_R4_SI-6 FedRAMP High SI-6 Security Function Verification FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_High_R4 SI-7 FedRAMP_High_R4_SI-7 FedRAMP High SI-7 Software, Firmware, And Information Integrity FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_High_R4 SI-7(1) FedRAMP_High_R4_SI-7(1) FedRAMP High SI-7 (1) Integrity Checks FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance FedRAMP_High_R4 SI-7(1) FedRAMP_High_R4_SI-7(1) FedRAMP High SI-7 (1) Integrity Checks FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
8e920169-739d-40b5-3f99-c4d855327bb2 Prohibit binary/machine-executable code Regulatory Compliance FedRAMP_High_R4 SI-7(14) FedRAMP_High_R4_SI-7(14) FedRAMP High SI-7 (14) Binary Or Machine Executable Code FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance FedRAMP_High_R4 SI-7(5) FedRAMP_High_R4_SI-7(5) FedRAMP High SI-7 (5) Automated Response To Integrity Violations FedRAMP High (d5264498-16f4-418a-b659-fa7ef418175f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance FedRAMP_Moderate_R4 AC-1 FedRAMP_Moderate_R4_AC-1 FedRAMP Moderate AC-1 Access Control Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AC-1 FedRAMP_Moderate_R4_AC-1 FedRAMP Moderate AC-1 Access Control Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AC-1 FedRAMP_Moderate_R4_AC-1 FedRAMP Moderate AC-1 Access Control Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AC-1 FedRAMP_Moderate_R4_AC-1 FedRAMP Moderate AC-1 Access Control Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d8350d4c-9314-400b-288f-20ddfce04fbd Define and enforce the limit of concurrent sessions Regulatory Compliance FedRAMP_Moderate_R4 AC-10 FedRAMP_Moderate_R4_AC-10 FedRAMP Moderate AC-10 Concurrent Session Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance FedRAMP_Moderate_R4 AC-12 FedRAMP_Moderate_R4_AC-12 FedRAMP Moderate AC-12 Session Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance FedRAMP_Moderate_R4 AC-14 FedRAMP_Moderate_R4_AC-14 FedRAMP Moderate AC-14 Permitted Actions Without Identification Or Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_Moderate_R4 AC-17 FedRAMP_Moderate_R4_AC-17 FedRAMP Moderate AC-17 Remote Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_Moderate_R4 AC-17(1) FedRAMP_Moderate_R4_AC-17(1) FedRAMP Moderate AC-17 (1) Automated Monitoring / Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance FedRAMP_Moderate_R4 AC-17(2) FedRAMP_Moderate_R4_AC-17(2) FedRAMP Moderate AC-17 (2) Protection Of Confidentiality / Integrity Using Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_Moderate_R4 AC-17(2) FedRAMP_Moderate_R4_AC-17(2) FedRAMP Moderate AC-17 (2) Protection Of Confidentiality / Integrity Using Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance FedRAMP_Moderate_R4 AC-17(3) FedRAMP_Moderate_R4_AC-17(3) FedRAMP Moderate AC-17 (3) Managed Access Control Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands Regulatory Compliance FedRAMP_Moderate_R4 AC-17(4) FedRAMP_Moderate_R4_AC-17(4) FedRAMP Moderate AC-17 (4) Privileged Commands / Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance FedRAMP_Moderate_R4 AC-17(4) FedRAMP_Moderate_R4_AC-17(4) FedRAMP Moderate AC-17 (4) Privileged Commands / Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance FedRAMP_Moderate_R4 AC-17(4) FedRAMP_Moderate_R4_AC-17(4) FedRAMP Moderate AC-17 (4) Privileged Commands / Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance FedRAMP_Moderate_R4 AC-17(4) FedRAMP_Moderate_R4_AC-17(4) FedRAMP Moderate AC-17 (4) Privileged Commands / Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance FedRAMP_Moderate_R4 AC-17(4) FedRAMP_Moderate_R4_AC-17(4) FedRAMP Moderate AC-17 (4) Privileged Commands / Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4edaca8c-0912-1ac5-9eaa-6a1057740fae Provide capability to disconnect or disable remote access Regulatory Compliance FedRAMP_Moderate_R4 AC-17(9) FedRAMP_Moderate_R4_AC-17(9) FedRAMP Moderate AC-17 (9) Disconnect / Disable Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance FedRAMP_Moderate_R4 AC-18 FedRAMP_Moderate_R4_AC-18 FedRAMP Moderate AC-18 Wireless Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance FedRAMP_Moderate_R4 AC-18 FedRAMP_Moderate_R4_AC-18 FedRAMP Moderate AC-18 Wireless Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance FedRAMP_Moderate_R4 AC-18(1) FedRAMP_Moderate_R4_AC-18(1) FedRAMP Moderate AC-18 (1) Authentication And Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance FedRAMP_Moderate_R4 AC-18(1) FedRAMP_Moderate_R4_AC-18(1) FedRAMP Moderate AC-18 (1) Authentication And Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance FedRAMP_Moderate_R4 AC-18(1) FedRAMP_Moderate_R4_AC-18(1) FedRAMP Moderate AC-18 (1) Authentication And Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance FedRAMP_Moderate_R4 AC-19 FedRAMP_Moderate_R4_AC-19 FedRAMP Moderate AC-19 Access Control For Mobile Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_Moderate_R4 AC-19(5) FedRAMP_Moderate_R4_AC-19(5) FedRAMP Moderate AC-19 (5) Full Device / Container-Based Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance FedRAMP_Moderate_R4 AC-19(5) FedRAMP_Moderate_R4_AC-19(5) FedRAMP Moderate AC-19 (5) Full Device / Container-Based Encryption FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2 FedRAMP_Moderate_R4_AC-2 FedRAMP Moderate AC-2 Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance FedRAMP_Moderate_R4 AC-2(1) FedRAMP_Moderate_R4_AC-2(1) FedRAMP Moderate AC-2 (1) Automated System Account Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance FedRAMP_Moderate_R4 AC-2(10) FedRAMP_Moderate_R4_AC-2(10) FedRAMP Moderate AC-2 (10) Shared / Group Account Credential Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 AC-2(12) FedRAMP_Moderate_R4_AC-2(12) FedRAMP Moderate AC-2 (12) Account Monitoring / Atypical Usage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance FedRAMP_Moderate_R4 AC-2(3) FedRAMP_Moderate_R4_AC-2(3) FedRAMP Moderate AC-2 (3) Disable Inactive Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance FedRAMP_Moderate_R4 AC-2(3) FedRAMP_Moderate_R4_AC-2(3) FedRAMP Moderate AC-2 (3) Disable Inactive Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_Moderate_R4 AC-2(4) FedRAMP_Moderate_R4_AC-2(4) FedRAMP Moderate AC-2 (4) Automated Audit Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance FedRAMP_Moderate_R4 AC-2(4) FedRAMP_Moderate_R4_AC-2(4) FedRAMP Moderate AC-2 (4) Automated Audit Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance FedRAMP_Moderate_R4 AC-2(4) FedRAMP_Moderate_R4_AC-2(4) FedRAMP Moderate AC-2 (4) Automated Audit Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2(4) FedRAMP_Moderate_R4_AC-2(4) FedRAMP Moderate AC-2 (4) Automated Audit Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance FedRAMP_Moderate_R4 AC-2(4) FedRAMP_Moderate_R4_AC-2(4) FedRAMP Moderate AC-2 (4) Automated Audit Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2af4640d-11a6-a64b-5ceb-a468f4341c0c Define and enforce inactivity log policy Regulatory Compliance FedRAMP_Moderate_R4 AC-2(5) FedRAMP_Moderate_R4_AC-2(5) FedRAMP Moderate AC-2 (5) Inactivity Logout FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance FedRAMP_Moderate_R4 AC-2(7) FedRAMP_Moderate_R4_AC-2(7) FedRAMP Moderate AC-2 (7) Role-Based Schemes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-2(9) FedRAMP_Moderate_R4_AC-2(9) FedRAMP Moderate AC-2 (9) Restrictions On Use Of Shared Groups / Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance FedRAMP_Moderate_R4 AC-20 FedRAMP_Moderate_R4_AC-20 FedRAMP Moderate AC-20 Use Of External Information Systems FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance FedRAMP_Moderate_R4 AC-20 FedRAMP_Moderate_R4_AC-20 FedRAMP Moderate AC-20 Use Of External Information Systems FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance FedRAMP_Moderate_R4 AC-20(1) FedRAMP_Moderate_R4_AC-20(1) FedRAMP Moderate AC-20 (1) Limits On Authorized Use FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 AC-20(2) FedRAMP_Moderate_R4_AC-20(2) FedRAMP Moderate AC-20 (2) Portable Storage Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance FedRAMP_Moderate_R4 AC-20(2) FedRAMP_Moderate_R4_AC-20(2) FedRAMP Moderate AC-20 (2) Portable Storage Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 AC-20(2) FedRAMP_Moderate_R4_AC-20(2) FedRAMP Moderate AC-20 (2) Portable Storage Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing Regulatory Compliance FedRAMP_Moderate_R4 AC-21 FedRAMP_Moderate_R4_AC-21 FedRAMP Moderate AC-21 Information Sharing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions Regulatory Compliance FedRAMP_Moderate_R4 AC-21 FedRAMP_Moderate_R4_AC-21 FedRAMP Moderate AC-21 Information Sharing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information Regulatory Compliance FedRAMP_Moderate_R4 AC-22 FedRAMP_Moderate_R4_AC-22 FedRAMP Moderate AC-22 Publicly Accessible Content FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information Regulatory Compliance FedRAMP_Moderate_R4 AC-22 FedRAMP_Moderate_R4_AC-22 FedRAMP Moderate AC-22 Publicly Accessible Content FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance FedRAMP_Moderate_R4 AC-22 FedRAMP_Moderate_R4_AC-22 FedRAMP Moderate AC-22 Publicly Accessible Content FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance FedRAMP_Moderate_R4 AC-22 FedRAMP_Moderate_R4_AC-22 FedRAMP Moderate AC-22 Publicly Accessible Content FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center FedRAMP_Moderate_R4 AC-3 FedRAMP_Moderate_R4_AC-3 FedRAMP Moderate AC-3 Access Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage FedRAMP_Moderate_R4 AC-4 FedRAMP_Moderate_R4_AC-4 FedRAMP Moderate AC-4 Information Flow Enforcement FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance FedRAMP_Moderate_R4 AC-4(21) FedRAMP_Moderate_R4_AC-4(21) FedRAMP Moderate AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance FedRAMP_Moderate_R4 AC-4(21) FedRAMP_Moderate_R4_AC-4(21) FedRAMP Moderate AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance FedRAMP_Moderate_R4 AC-4(21) FedRAMP_Moderate_R4_AC-4(21) FedRAMP Moderate AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance FedRAMP_Moderate_R4 AC-4(21) FedRAMP_Moderate_R4_AC-4(21) FedRAMP Moderate AC-4 (21) Physical / Logical Separation Of Information Flows FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center FedRAMP_Moderate_R4 AC-5 FedRAMP_Moderate_R4_AC-5 FedRAMP Moderate AC-5 Separation Of Duties FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance FedRAMP_Moderate_R4 AC-5 FedRAMP_Moderate_R4_AC-5 FedRAMP Moderate AC-5 Separation Of Duties FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance FedRAMP_Moderate_R4 AC-5 FedRAMP_Moderate_R4_AC-5 FedRAMP Moderate AC-5 Separation Of Duties FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance FedRAMP_Moderate_R4 AC-5 FedRAMP_Moderate_R4_AC-5 FedRAMP Moderate AC-5 Separation Of Duties FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance FedRAMP_Moderate_R4 AC-6 FedRAMP_Moderate_R4_AC-6 FedRAMP Moderate AC-6 Least Privilege FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance FedRAMP_Moderate_R4 AC-6 FedRAMP_Moderate_R4_AC-6 FedRAMP Moderate AC-6 Least Privilege FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General FedRAMP_Moderate_R4 AC-6 FedRAMP_Moderate_R4_AC-6 FedRAMP Moderate AC-6 Least Privilege FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center FedRAMP_Moderate_R4 AC-6 FedRAMP_Moderate_R4_AC-6 FedRAMP Moderate AC-6 Least Privilege FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance FedRAMP_Moderate_R4 AC-6(1) FedRAMP_Moderate_R4_AC-6(1) FedRAMP Moderate AC-6 (1) Authorize Access To Security Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance FedRAMP_Moderate_R4 AC-6(1) FedRAMP_Moderate_R4_AC-6(1) FedRAMP Moderate AC-6 (1) Authorize Access To Security Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance FedRAMP_Moderate_R4 AC-6(1) FedRAMP_Moderate_R4_AC-6(1) FedRAMP Moderate AC-6 (1) Authorize Access To Security Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-6(5) FedRAMP_Moderate_R4_AC-6(5) FedRAMP Moderate AC-6 (5) Privileged Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_Moderate_R4 AC-6(9) FedRAMP_Moderate_R4_AC-6(9) FedRAMP Moderate AC-6 (9) Auditing Use Of Privileged Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance FedRAMP_Moderate_R4 AC-6(9) FedRAMP_Moderate_R4_AC-6(9) FedRAMP Moderate AC-6 (9) Auditing Use Of Privileged Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance FedRAMP_Moderate_R4 AC-6(9) FedRAMP_Moderate_R4_AC-6(9) FedRAMP Moderate AC-6 (9) Auditing Use Of Privileged Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance FedRAMP_Moderate_R4 AC-6(9) FedRAMP_Moderate_R4_AC-6(9) FedRAMP Moderate AC-6 (9) Auditing Use Of Privileged Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance FedRAMP_Moderate_R4 AC-6(9) FedRAMP_Moderate_R4_AC-6(9) FedRAMP Moderate AC-6 (9) Auditing Use Of Privileged Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance FedRAMP_Moderate_R4 AC-6(9) FedRAMP_Moderate_R4_AC-6(9) FedRAMP Moderate AC-6 (9) Auditing Use Of Privileged Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance FedRAMP_Moderate_R4 AC-7 FedRAMP_Moderate_R4_AC-7 FedRAMP Moderate AC-7 Unsuccessful Logon Attempts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance FedRAMP_Moderate_R4 AT-1 FedRAMP_Moderate_R4_AT-1 FedRAMP Moderate AT-1 Security Awareness And Training Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance FedRAMP_Moderate_R4 AT-1 FedRAMP_Moderate_R4_AT-1 FedRAMP Moderate AT-1 Security Awareness And Training Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance FedRAMP_Moderate_R4 AT-2 FedRAMP_Moderate_R4_AT-2 FedRAMP Moderate AT-2 Security Awareness Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance FedRAMP_Moderate_R4 AT-2 FedRAMP_Moderate_R4_AT-2 FedRAMP Moderate AT-2 Security Awareness Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance FedRAMP_Moderate_R4 AT-2 FedRAMP_Moderate_R4_AT-2 FedRAMP Moderate AT-2 Security Awareness Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance FedRAMP_Moderate_R4 AT-2(2) FedRAMP_Moderate_R4_AT-2(2) FedRAMP Moderate AT-2 (2) Insider Threat FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance FedRAMP_Moderate_R4 AT-3 FedRAMP_Moderate_R4_AT-3 FedRAMP Moderate AT-3 Role-Based Security Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance FedRAMP_Moderate_R4 AT-3 FedRAMP_Moderate_R4_AT-3 FedRAMP Moderate AT-3 Role-Based Security Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance FedRAMP_Moderate_R4 AT-3 FedRAMP_Moderate_R4_AT-3 FedRAMP Moderate AT-3 Role-Based Security Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance FedRAMP_Moderate_R4 AT-4 FedRAMP_Moderate_R4_AT-4 FedRAMP Moderate AT-4 Security Training Records FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance FedRAMP_Moderate_R4 AT-4 FedRAMP_Moderate_R4_AT-4 FedRAMP Moderate AT-4 Security Training Records FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance FedRAMP_Moderate_R4 AT-4 FedRAMP_Moderate_R4_AT-4 FedRAMP Moderate AT-4 Security Training Records FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AU-1 FedRAMP_Moderate_R4_AU-1 FedRAMP Moderate AU-1 Audit And Accountability Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance FedRAMP_Moderate_R4 AU-1 FedRAMP_Moderate_R4_AU-1 FedRAMP Moderate AU-1 Audit And Accountability Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AU-1 FedRAMP_Moderate_R4_AU-1 FedRAMP Moderate AU-1 Audit And Accountability Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AU-1 FedRAMP_Moderate_R4_AU-1 FedRAMP Moderate AU-1 Audit And Accountability Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance FedRAMP_Moderate_R4 AU-11 FedRAMP_Moderate_R4_AU-11 FedRAMP Moderate AU-11 Audit Record Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AU-11 FedRAMP_Moderate_R4_AU-11 FedRAMP Moderate AU-11 Audit Record Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance FedRAMP_Moderate_R4 AU-11 FedRAMP_Moderate_R4_AU-11 FedRAMP Moderate AU-11 Audit Record Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL FedRAMP_Moderate_R4 AU-11 FedRAMP_Moderate_R4_AU-11 FedRAMP Moderate AU-11 Audit Record Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_Moderate_R4 AU-12 FedRAMP_Moderate_R4_AU-12 FedRAMP Moderate AU-12 Audit Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_Moderate_R4 AU-2 FedRAMP_Moderate_R4_AU-2 FedRAMP Moderate AU-2 Audit Events FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance FedRAMP_Moderate_R4 AU-2(3) FedRAMP_Moderate_R4_AU-2(3) FedRAMP Moderate AU-2 (3) Reviews And Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_Moderate_R4 AU-3 FedRAMP_Moderate_R4_AU-3 FedRAMP Moderate AU-3 Content Of Audit Records FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance FedRAMP_Moderate_R4 AU-3(1) FedRAMP_Moderate_R4_AU-3(1) FedRAMP Moderate AU-3 (1) Additional Audit Information FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance FedRAMP_Moderate_R4 AU-4 FedRAMP_Moderate_R4_AU-4 FedRAMP Moderate AU-4 Audit Storage Capacity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance FedRAMP_Moderate_R4 AU-5 FedRAMP_Moderate_R4_AU-5 FedRAMP Moderate AU-5 Response To Audit Processing Failures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_Moderate_R4 AU-6 FedRAMP_Moderate_R4_AU-6 FedRAMP Moderate AU-6 Audit Review, Analysis, And Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance FedRAMP_Moderate_R4 AU-6(1) FedRAMP_Moderate_R4_AU-6(1) FedRAMP Moderate AU-6 (1) Process Integration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_Moderate_R4 AU-6(3) FedRAMP_Moderate_R4_AU-6(3) FedRAMP Moderate AU-6 (3) Correlate Audit Repositories FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_Moderate_R4 AU-6(3) FedRAMP_Moderate_R4_AU-6(3) FedRAMP Moderate AU-6 (3) Correlate Audit Repositories FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance FedRAMP_Moderate_R4 AU-7 FedRAMP_Moderate_R4_AU-7 FedRAMP Moderate AU-7 Audit Reduction And Report Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance FedRAMP_Moderate_R4 AU-7 FedRAMP_Moderate_R4_AU-7 FedRAMP Moderate AU-7 Audit Reduction And Report Generation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance FedRAMP_Moderate_R4 AU-7(1) FedRAMP_Moderate_R4_AU-7(1) FedRAMP Moderate AU-7 (1) Automatic Processing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance FedRAMP_Moderate_R4 AU-8 FedRAMP_Moderate_R4_AU-8 FedRAMP Moderate AU-8 Time Stamps FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance FedRAMP_Moderate_R4 AU-8(1) FedRAMP_Moderate_R4_AU-8(1) FedRAMP Moderate AU-8 (1) Synchronization With Authoritative Time Source FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance FedRAMP_Moderate_R4 AU-9 FedRAMP_Moderate_R4_AU-9 FedRAMP Moderate AU-9 Protection Of Audit Information FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance FedRAMP_Moderate_R4 AU-9 FedRAMP_Moderate_R4_AU-9 FedRAMP Moderate AU-9 Protection Of Audit Information FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 AU-9(2) FedRAMP_Moderate_R4_AU-9(2) FedRAMP Moderate AU-9 (2) Audit Backup On Separate Physical Systems / Components FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance FedRAMP_Moderate_R4 AU-9(4) FedRAMP_Moderate_R4_AU-9(4) FedRAMP Moderate AU-9 (4) Access By Subset Of Privileged Users FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 CA-1 FedRAMP_Moderate_R4_CA-1 FedRAMP Moderate CA-1 Security Assessment And Authorization Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance FedRAMP_Moderate_R4 CA-2 FedRAMP_Moderate_R4_CA-2 FedRAMP Moderate CA-2 Security Assessments FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance FedRAMP_Moderate_R4 CA-2 FedRAMP_Moderate_R4_CA-2 FedRAMP Moderate CA-2 Security Assessments FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance FedRAMP_Moderate_R4 CA-2 FedRAMP_Moderate_R4_CA-2 FedRAMP Moderate CA-2 Security Assessments FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance FedRAMP_Moderate_R4 CA-2 FedRAMP_Moderate_R4_CA-2 FedRAMP Moderate CA-2 Security Assessments FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance FedRAMP_Moderate_R4 CA-2(1) FedRAMP_Moderate_R4_CA-2(1) FedRAMP Moderate CA-2 (1) Independent Assessors FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance FedRAMP_Moderate_R4 CA-2(2) FedRAMP_Moderate_R4_CA-2(2) FedRAMP Moderate CA-2 (2) Specialized Assessments FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance FedRAMP_Moderate_R4 CA-2(3) FedRAMP_Moderate_R4_CA-2(3) FedRAMP Moderate CA-2 (3) External Organizations FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance FedRAMP_Moderate_R4 CA-3 FedRAMP_Moderate_R4_CA-3 FedRAMP Moderate CA-3 System Interconnections FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance FedRAMP_Moderate_R4 CA-3 FedRAMP_Moderate_R4_CA-3 FedRAMP Moderate CA-3 System Interconnections FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_Moderate_R4 CA-3(3) FedRAMP_Moderate_R4_CA-3(3) FedRAMP Moderate CA-3 (3) Unclassified Non-National Security System Connections FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections Regulatory Compliance FedRAMP_Moderate_R4 CA-3(5) FedRAMP_Moderate_R4_CA-3(5) FedRAMP Moderate CA-3 (5) Restrictions On External System Connections FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance FedRAMP_Moderate_R4 CA-5 FedRAMP_Moderate_R4_CA-5 FedRAMP Moderate CA-5 Plan Of Action And Milestones FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance FedRAMP_Moderate_R4 CA-5 FedRAMP_Moderate_R4_CA-5 FedRAMP Moderate CA-5 Plan Of Action And Milestones FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance FedRAMP_Moderate_R4 CA-6 FedRAMP_Moderate_R4_CA-6 FedRAMP Moderate CA-6 Security Authorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
449ebb52-945b-36e5-3446-af6f33770f8f Update the security authorization Regulatory Compliance FedRAMP_Moderate_R4 CA-6 FedRAMP_Moderate_R4_CA-6 FedRAMP Moderate CA-6 Security Authorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance FedRAMP_Moderate_R4 CA-6 FedRAMP_Moderate_R4_CA-6 FedRAMP Moderate CA-6 Security Authorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance FedRAMP_Moderate_R4 CA-7 FedRAMP_Moderate_R4_CA-7 FedRAMP Moderate CA-7 Continuous Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance FedRAMP_Moderate_R4 CA-7 FedRAMP_Moderate_R4_CA-7 FedRAMP Moderate CA-7 Continuous Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance FedRAMP_Moderate_R4 CA-7 FedRAMP_Moderate_R4_CA-7 FedRAMP Moderate CA-7 Continuous Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring Regulatory Compliance FedRAMP_Moderate_R4 CA-7(1) FedRAMP_Moderate_R4_CA-7(1) FedRAMP Moderate CA-7 (1) Independent Assessment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance FedRAMP_Moderate_R4 CA-8(1) FedRAMP_Moderate_R4_CA-8(1) FedRAMP Moderate CA-8 (1) Independent Penetration Agent Or Team FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance FedRAMP_Moderate_R4 CA-9 FedRAMP_Moderate_R4_CA-9 FedRAMP Moderate CA-9 Internal System Connections FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 CM-1 FedRAMP_Moderate_R4_CM-1 FedRAMP Moderate CM-1 Configuration Management Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center FedRAMP_Moderate_R4 CM-10 FedRAMP_Moderate_R4_CM-10 FedRAMP Moderate CM-10 Software Usage Restrictions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center FedRAMP_Moderate_R4 CM-10 FedRAMP_Moderate_R4_CM-10 FedRAMP Moderate CM-10 Software Usage Restrictions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance FedRAMP_Moderate_R4 CM-10 FedRAMP_Moderate_R4_CM-10 FedRAMP Moderate CM-10 Software Usage Restrictions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance FedRAMP_Moderate_R4 CM-10 FedRAMP_Moderate_R4_CM-10 FedRAMP Moderate CM-10 Software Usage Restrictions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance FedRAMP_Moderate_R4 CM-10(1) FedRAMP_Moderate_R4_CM-10(1) FedRAMP Moderate CM-10 (1) Open Source Software FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center FedRAMP_Moderate_R4 CM-11 FedRAMP_Moderate_R4_CM-11 FedRAMP Moderate CM-11 User-Installed Software FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center FedRAMP_Moderate_R4 CM-11 FedRAMP_Moderate_R4_CM-11 FedRAMP Moderate CM-11 User-Installed Software FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance FedRAMP_Moderate_R4 CM-2 FedRAMP_Moderate_R4_CM-2 FedRAMP Moderate CM-2 Baseline Configuration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_Moderate_R4 CM-2 FedRAMP_Moderate_R4_CM-2 FedRAMP Moderate CM-2 Baseline Configuration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance FedRAMP_Moderate_R4 CM-2 FedRAMP_Moderate_R4_CM-2 FedRAMP Moderate CM-2 Baseline Configuration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance FedRAMP_Moderate_R4 CM-2 FedRAMP_Moderate_R4_CM-2 FedRAMP Moderate CM-2 Baseline Configuration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance FedRAMP_Moderate_R4 CM-2 FedRAMP_Moderate_R4_CM-2 FedRAMP Moderate CM-2 Baseline Configuration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance FedRAMP_Moderate_R4 CM-2 FedRAMP_Moderate_R4_CM-2 FedRAMP Moderate CM-2 Baseline Configuration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance FedRAMP_Moderate_R4 CM-2(2) FedRAMP_Moderate_R4_CM-2(2) FedRAMP Moderate CM-2 (2) Automation Support For Accuracy / Currency FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance FedRAMP_Moderate_R4 CM-2(2) FedRAMP_Moderate_R4_CM-2(2) FedRAMP Moderate CM-2 (2) Automation Support For Accuracy / Currency FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance FedRAMP_Moderate_R4 CM-2(2) FedRAMP_Moderate_R4_CM-2(2) FedRAMP Moderate CM-2 (2) Automation Support For Accuracy / Currency FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance FedRAMP_Moderate_R4 CM-2(2) FedRAMP_Moderate_R4_CM-2(2) FedRAMP Moderate CM-2 (2) Automation Support For Accuracy / Currency FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance FedRAMP_Moderate_R4 CM-2(2) FedRAMP_Moderate_R4_CM-2(2) FedRAMP Moderate CM-2 (2) Automation Support For Accuracy / Currency FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_Moderate_R4 CM-2(2) FedRAMP_Moderate_R4_CM-2(2) FedRAMP Moderate CM-2 (2) Automation Support For Accuracy / Currency FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance FedRAMP_Moderate_R4 CM-2(3) FedRAMP_Moderate_R4_CM-2(3) FedRAMP Moderate CM-2 (3) Retention Of Previous Configurations FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance FedRAMP_Moderate_R4 CM-2(7) FedRAMP_Moderate_R4_CM-2(7) FedRAMP Moderate CM-2 (7) Configure Systems, Components, Or Devices For High-Risk Areas FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance FedRAMP_Moderate_R4 CM-2(7) FedRAMP_Moderate_R4_CM-2(7) FedRAMP Moderate CM-2 (7) Configure Systems, Components, Or Devices For High-Risk Areas FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance FedRAMP_Moderate_R4 CM-3 FedRAMP_Moderate_R4_CM-3 FedRAMP Moderate CM-3 Configuration Change Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance FedRAMP_Moderate_R4 CM-4 FedRAMP_Moderate_R4_CM-4 FedRAMP Moderate CM-4 Security Impact Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance FedRAMP_Moderate_R4 CM-5 FedRAMP_Moderate_R4_CM-5 FedRAMP Moderate CM-5 Access Restrictions For Change FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance FedRAMP_Moderate_R4 CM-5(1) FedRAMP_Moderate_R4_CM-5(1) FedRAMP Moderate CM-5 (1) Automated Access Enforcement / Auditing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation Regulatory Compliance FedRAMP_Moderate_R4 CM-5(3) FedRAMP_Moderate_R4_CM-5(3) FedRAMP Moderate CM-5 (3) Signed Components FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance FedRAMP_Moderate_R4 CM-5(5) FedRAMP_Moderate_R4_CM-5(5) FedRAMP Moderate CM-5 (5) Limit Production / Operational Privileges FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance FedRAMP_Moderate_R4 CM-5(5) FedRAMP_Moderate_R4_CM-5(5) FedRAMP Moderate CM-5 (5) Limit Production / Operational Privileges FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service FedRAMP_Moderate_R4 CM-6 FedRAMP_Moderate_R4_CM-6 FedRAMP Moderate CM-6 Configuration Settings FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance FedRAMP_Moderate_R4 CM-6(1) FedRAMP_Moderate_R4_CM-6(1) FedRAMP Moderate CM-6 (1) Automated Central Management / Application / Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance FedRAMP_Moderate_R4 CM-6(1) FedRAMP_Moderate_R4_CM-6(1) FedRAMP Moderate CM-6 (1) Automated Central Management / Application / Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance FedRAMP_Moderate_R4 CM-6(1) FedRAMP_Moderate_R4_CM-6(1) FedRAMP Moderate CM-6 (1) Automated Central Management / Application / Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center FedRAMP_Moderate_R4 CM-7 FedRAMP_Moderate_R4_CM-7 FedRAMP Moderate CM-7 Least Functionality FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center FedRAMP_Moderate_R4 CM-7 FedRAMP_Moderate_R4_CM-7 FedRAMP Moderate CM-7 Least Functionality FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 CM-7 FedRAMP_Moderate_R4_CM-7 FedRAMP Moderate CM-7 Least Functionality FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center FedRAMP_Moderate_R4 CM-7(2) FedRAMP_Moderate_R4_CM-7(2) FedRAMP Moderate CM-7 (2) Prevent Program Execution FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center FedRAMP_Moderate_R4 CM-7(2) FedRAMP_Moderate_R4_CM-7(2) FedRAMP Moderate CM-7 (2) Prevent Program Execution FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center FedRAMP_Moderate_R4 CM-7(5) FedRAMP_Moderate_R4_CM-7(5) FedRAMP Moderate CM-7 (5) Authorized Software / Whitelisting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center FedRAMP_Moderate_R4 CM-7(5) FedRAMP_Moderate_R4_CM-7(5) FedRAMP Moderate CM-7 (5) Authorized Software / Whitelisting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance FedRAMP_Moderate_R4 CM-8 FedRAMP_Moderate_R4_CM-8 FedRAMP Moderate CM-8 Information System Component Inventory FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance FedRAMP_Moderate_R4 CM-8 FedRAMP_Moderate_R4_CM-8 FedRAMP Moderate CM-8 Information System Component Inventory FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance FedRAMP_Moderate_R4 CM-8(1) FedRAMP_Moderate_R4_CM-8(1) FedRAMP Moderate CM-8 (1) Updates During Installations / Removals FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance FedRAMP_Moderate_R4 CM-8(1) FedRAMP_Moderate_R4_CM-8(1) FedRAMP Moderate CM-8 (1) Updates During Installations / Removals FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance FedRAMP_Moderate_R4 CM-8(3) FedRAMP_Moderate_R4_CM-8(3) FedRAMP Moderate CM-8 (3) Automated Unauthorized Component Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance FedRAMP_Moderate_R4 CM-8(3) FedRAMP_Moderate_R4_CM-8(3) FedRAMP Moderate CM-8 (3) Automated Unauthorized Component Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance FedRAMP_Moderate_R4 CM-9 FedRAMP_Moderate_R4_CM-9 FedRAMP Moderate CM-9 Configuration Management Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance FedRAMP_Moderate_R4 CM-9 FedRAMP_Moderate_R4_CM-9 FedRAMP Moderate CM-9 Configuration Management Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance FedRAMP_Moderate_R4 CM-9 FedRAMP_Moderate_R4_CM-9 FedRAMP Moderate CM-9 Configuration Management Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance FedRAMP_Moderate_R4 CM-9 FedRAMP_Moderate_R4_CM-9 FedRAMP Moderate CM-9 Configuration Management Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance FedRAMP_Moderate_R4 CM-9 FedRAMP_Moderate_R4_CM-9 FedRAMP Moderate CM-9 Configuration Management Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance FedRAMP_Moderate_R4 CM-9 FedRAMP_Moderate_R4_CM-9 FedRAMP Moderate CM-9 Configuration Management Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 CP-1 FedRAMP_Moderate_R4_CP-1 FedRAMP Moderate CP-1 Contingency Planning Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance FedRAMP_Moderate_R4 CP-10 FedRAMP_Moderate_R4_CP-10 FedRAMP Moderate CP-10 Information System Recovery And Reconstitution FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance FedRAMP_Moderate_R4 CP-10(2) FedRAMP_Moderate_R4_CP-10(2) FedRAMP Moderate CP-10 (2) Transaction Recovery FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance FedRAMP_Moderate_R4 CP-2 FedRAMP_Moderate_R4_CP-2 FedRAMP Moderate CP-2 Contingency Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_Moderate_R4 CP-2(1) FedRAMP_Moderate_R4_CP-2(1) FedRAMP Moderate CP-2 (1) Coordinate With Related Plans FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance FedRAMP_Moderate_R4 CP-2(2) FedRAMP_Moderate_R4_CP-2(2) FedRAMP Moderate CP-2 (2) Capacity Planning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance FedRAMP_Moderate_R4 CP-2(3) FedRAMP_Moderate_R4_CP-2(3) FedRAMP Moderate CP-2 (3) Resume Essential Missions / Business Functions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance FedRAMP_Moderate_R4 CP-2(8) FedRAMP_Moderate_R4_CP-2(8) FedRAMP Moderate CP-2 (8) Identify Critical Assets FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance FedRAMP_Moderate_R4 CP-3 FedRAMP_Moderate_R4_CP-3 FedRAMP Moderate CP-3 Contingency Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance FedRAMP_Moderate_R4 CP-4 FedRAMP_Moderate_R4_CP-4 FedRAMP Moderate CP-4 Contingency Plan Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance FedRAMP_Moderate_R4 CP-4 FedRAMP_Moderate_R4_CP-4 FedRAMP Moderate CP-4 Contingency Plan Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance FedRAMP_Moderate_R4 CP-4 FedRAMP_Moderate_R4_CP-4 FedRAMP Moderate CP-4 Contingency Plan Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_Moderate_R4 CP-4(1) FedRAMP_Moderate_R4_CP-4(1) FedRAMP Moderate CP-4 (1) Coordinate With Related Plans FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance FedRAMP_Moderate_R4 CP-6 FedRAMP_Moderate_R4_CP-6 FedRAMP Moderate CP-6 Alternate Storage Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance FedRAMP_Moderate_R4 CP-6(1) FedRAMP_Moderate_R4_CP-6(1) FedRAMP Moderate CP-6 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage FedRAMP_Moderate_R4 CP-6(1) FedRAMP_Moderate_R4_CP-6(1) FedRAMP Moderate CP-6 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL FedRAMP_Moderate_R4 CP-6(1) FedRAMP_Moderate_R4_CP-6(1) FedRAMP Moderate CP-6 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL FedRAMP_Moderate_R4 CP-6(1) FedRAMP_Moderate_R4_CP-6(1) FedRAMP Moderate CP-6 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL FedRAMP_Moderate_R4 CP-6(1) FedRAMP_Moderate_R4_CP-6(1) FedRAMP Moderate CP-6 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL FedRAMP_Moderate_R4 CP-6(1) FedRAMP_Moderate_R4_CP-6(1) FedRAMP Moderate CP-6 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance FedRAMP_Moderate_R4 CP-6(3) FedRAMP_Moderate_R4_CP-6(3) FedRAMP Moderate CP-6 (3) Accessibility FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute FedRAMP_Moderate_R4 CP-7 FedRAMP_Moderate_R4_CP-7 FedRAMP Moderate CP-7 Alternate Processing Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_Moderate_R4 CP-7 FedRAMP_Moderate_R4_CP-7 FedRAMP Moderate CP-7 Alternate Processing Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_Moderate_R4 CP-7(1) FedRAMP_Moderate_R4_CP-7(1) FedRAMP Moderate CP-7 (1) Separation From Primary Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_Moderate_R4 CP-7(2) FedRAMP_Moderate_R4_CP-7(2) FedRAMP Moderate CP-7 (2) Accessibility FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance FedRAMP_Moderate_R4 CP-7(3) FedRAMP_Moderate_R4_CP-7(3) FedRAMP Moderate CP-7 (3) Priority Of Service FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance FedRAMP_Moderate_R4 CP-7(3) FedRAMP_Moderate_R4_CP-7(3) FedRAMP Moderate CP-7 (3) Priority Of Service FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance FedRAMP_Moderate_R4 CP-8(1) FedRAMP_Moderate_R4_CP-8(1) FedRAMP Moderate CP-8 (1) Priority Of Service Provisions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault FedRAMP_Moderate_R4 CP-9 FedRAMP_Moderate_R4_CP-9 FedRAMP Moderate CP-9 Information System Backup FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance FedRAMP_Moderate_R4 CP-9(3) FedRAMP_Moderate_R4_CP-9(3) FedRAMP Moderate CP-9 (3) Separate Storage For Critical Information FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 IA-1 FedRAMP_Moderate_R4_IA-1 FedRAMP Moderate IA-1 Identification And Authentication Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance FedRAMP_Moderate_R4 IA-2 FedRAMP_Moderate_R4_IA-2 FedRAMP Moderate IA-2 Identification And Authentication (Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center FedRAMP_Moderate_R4 IA-2(1) FedRAMP_Moderate_R4_IA-2(1) FedRAMP Moderate IA-2 (1) Network Access To Privileged Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center FedRAMP_Moderate_R4 IA-2(1) FedRAMP_Moderate_R4_IA-2(1) FedRAMP Moderate IA-2 (1) Network Access To Privileged Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_Moderate_R4 IA-2(1) FedRAMP_Moderate_R4_IA-2(1) FedRAMP Moderate IA-2 (1) Network Access To Privileged Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_Moderate_R4 IA-2(11) FedRAMP_Moderate_R4_IA-2(11) FedRAMP Moderate IA-2 (11) Remote Access - Separate Device FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance FedRAMP_Moderate_R4 IA-2(11) FedRAMP_Moderate_R4_IA-2(11) FedRAMP Moderate IA-2 (11) Remote Access - Separate Device FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance FedRAMP_Moderate_R4 IA-2(12) FedRAMP_Moderate_R4_IA-2(12) FedRAMP Moderate IA-2 (12) Acceptance Of Piv Credentials FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center FedRAMP_Moderate_R4 IA-2(2) FedRAMP_Moderate_R4_IA-2(2) FedRAMP Moderate IA-2 (2) Network Access To Non-Privileged Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_Moderate_R4 IA-2(2) FedRAMP_Moderate_R4_IA-2(2) FedRAMP Moderate IA-2 (2) Network Access To Non-Privileged Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance FedRAMP_Moderate_R4 IA-2(3) FedRAMP_Moderate_R4_IA-2(3) FedRAMP Moderate IA-2 (3) Local Access To Privileged Accounts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-2(5) FedRAMP_Moderate_R4_IA-2(5) FedRAMP Moderate IA-2 (5) Group Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service FedRAMP_Moderate_R4 IA-4 FedRAMP_Moderate_R4_IA-4 FedRAMP Moderate IA-4 Identifier Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users Regulatory Compliance FedRAMP_Moderate_R4 IA-4(4) FedRAMP_Moderate_R4_IA-4(4) FedRAMP Moderate IA-4 (4) Identify User Status FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration FedRAMP_Moderate_R4 IA-5 FedRAMP_Moderate_R4_IA-5 FedRAMP Moderate IA-5 Authenticator Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration FedRAMP_Moderate_R4 IA-5(1) FedRAMP_Moderate_R4_IA-5(1) FedRAMP Moderate IA-5 (1) Password-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance FedRAMP_Moderate_R4 IA-5(11) FedRAMP_Moderate_R4_IA-5(11) FedRAMP Moderate IA-5 (11) Hardware Token-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4012c2b7-4e0e-a7ab-1688-4aab43f14420 Map authenticated identities to individuals Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0065241c-72e9-3b2c-556f-75de66332a94 Establish parameters for searching secret authenticators and verifiers Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6f311b49-9b0d-8c67-3d6e-db80ae528173 Bind authenticators and identities dynamically Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5(2) FedRAMP_Moderate_R4_IA-5(2) FedRAMP Moderate IA-5 (2) Pki-Based Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5(3) FedRAMP_Moderate_R4_IA-5(3) FedRAMP Moderate IA-5 (3) In-Person Or Trusted Third-Party Registration FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance FedRAMP_Moderate_R4 IA-5(4) FedRAMP_Moderate_R4_IA-5(4) FedRAMP Moderate IA-5 (4) Automated Support For Password Strength Determination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 IA-5(4) FedRAMP_Moderate_R4_IA-5(4) FedRAMP Moderate IA-5 (4) Automated Support For Password Strength Determination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance FedRAMP_Moderate_R4 IA-5(4) FedRAMP_Moderate_R4_IA-5(4) FedRAMP Moderate IA-5 (4) Automated Support For Password Strength Determination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5(6) FedRAMP_Moderate_R4_IA-5(6) FedRAMP Moderate IA-5 (6) Protection Of Authenticators FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance FedRAMP_Moderate_R4 IA-5(7) FedRAMP_Moderate_R4_IA-5(7) FedRAMP Moderate IA-5 (7) No Embedded Unencrypted Static Authenticators FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance FedRAMP_Moderate_R4 IA-6 FedRAMP_Moderate_R4_IA-6 FedRAMP Moderate IA-6 Authenticator Feedback FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance FedRAMP_Moderate_R4 IA-7 FedRAMP_Moderate_R4_IA-7 FedRAMP Moderate IA-7 Cryptographic Module Authentication FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance FedRAMP_Moderate_R4 IA-8 FedRAMP_Moderate_R4_IA-8 FedRAMP Moderate IA-8 Identification And Authentication (Non-Organizational Users) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55be3260-a7a2-3c06-7fe6-072d07525ab7 Accept PIV credentials Regulatory Compliance FedRAMP_Moderate_R4 IA-8(1) FedRAMP_Moderate_R4_IA-8(1) FedRAMP Moderate IA-8 (1) Acceptance Of Piv Credentials From Other Agencies FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials Regulatory Compliance FedRAMP_Moderate_R4 IA-8(2) FedRAMP_Moderate_R4_IA-8(2) FedRAMP Moderate IA-8 (2) Acceptance Of Third-Party Credentials FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
db8b35d6-8adb-3f51-44ff-c648ab5b1530 Employ FICAM-approved resources to accept third-party credentials Regulatory Compliance FedRAMP_Moderate_R4 IA-8(3) FedRAMP_Moderate_R4_IA-8(3) FedRAMP Moderate IA-8 (3) Use Of Ficam-Approved Products FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles Regulatory Compliance FedRAMP_Moderate_R4 IA-8(4) FedRAMP_Moderate_R4_IA-8(4) FedRAMP Moderate IA-8 (4) Use Of Ficam-Issued Profiles FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 IR-1 FedRAMP_Moderate_R4_IR-1 FedRAMP Moderate IR-1 Incident Response Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance FedRAMP_Moderate_R4 IR-2 FedRAMP_Moderate_R4_IR-2 FedRAMP Moderate IR-2 Incident Response Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance FedRAMP_Moderate_R4 IR-3 FedRAMP_Moderate_R4_IR-3 FedRAMP Moderate IR-3 Incident Response Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance FedRAMP_Moderate_R4 IR-3 FedRAMP_Moderate_R4_IR-3 FedRAMP Moderate IR-3 Incident Response Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance FedRAMP_Moderate_R4 IR-3 FedRAMP_Moderate_R4_IR-3 FedRAMP Moderate IR-3 Incident Response Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance FedRAMP_Moderate_R4 IR-3(2) FedRAMP_Moderate_R4_IR-3(2) FedRAMP Moderate IR-3 (2) Coordination With Related Plans FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance FedRAMP_Moderate_R4 IR-3(2) FedRAMP_Moderate_R4_IR-3(2) FedRAMP Moderate IR-3 (2) Coordination With Related Plans FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance FedRAMP_Moderate_R4 IR-3(2) FedRAMP_Moderate_R4_IR-3(2) FedRAMP Moderate IR-3 (2) Coordination With Related Plans FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 IR-4 FedRAMP_Moderate_R4_IR-4 FedRAMP Moderate IR-4 Incident Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_Moderate_R4 IR-4(1) FedRAMP_Moderate_R4_IR-4(1) FedRAMP Moderate IR-4 (1) Automated Incident Handling Processes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance FedRAMP_Moderate_R4 IR-4(1) FedRAMP_Moderate_R4_IR-4(1) FedRAMP Moderate IR-4 (1) Automated Incident Handling Processes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-4(1) FedRAMP_Moderate_R4_IR-4(1) FedRAMP Moderate IR-4 (1) Automated Incident Handling Processes FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 IR-5 FedRAMP_Moderate_R4_IR-5 FedRAMP Moderate IR-5 Incident Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance FedRAMP_Moderate_R4 IR-6(1) FedRAMP_Moderate_R4_IR-6(1) FedRAMP Moderate IR-6 (1) Automated Reporting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance FedRAMP_Moderate_R4 IR-7 FedRAMP_Moderate_R4_IR-7 FedRAMP Moderate IR-7 Incident Response Assistance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_Moderate_R4 IR-7(1) FedRAMP_Moderate_R4_IR-7(1) FedRAMP Moderate IR-7 (1) Automation Support For Availability Of Information / Support FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance FedRAMP_Moderate_R4 IR-7(2) FedRAMP_Moderate_R4_IR-7(2) FedRAMP Moderate IR-7 (2) Coordination With External Providers FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance FedRAMP_Moderate_R4 IR-7(2) FedRAMP_Moderate_R4_IR-7(2) FedRAMP Moderate IR-7 (2) Coordination With External Providers FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-8 FedRAMP_Moderate_R4_IR-8 FedRAMP Moderate IR-8 Incident Response Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance FedRAMP_Moderate_R4 IR-8 FedRAMP_Moderate_R4_IR-8 FedRAMP Moderate IR-8 Incident Response Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance FedRAMP_Moderate_R4 IR-8 FedRAMP_Moderate_R4_IR-8 FedRAMP Moderate IR-8 Incident Response Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-8 FedRAMP_Moderate_R4_IR-8 FedRAMP Moderate IR-8 Incident Response Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance FedRAMP_Moderate_R4 IR-8 FedRAMP_Moderate_R4_IR-8 FedRAMP Moderate IR-8 Incident Response Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-8 FedRAMP_Moderate_R4_IR-8 FedRAMP Moderate IR-8 Incident Response Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
69d90ee6-9f9f-262a-2038-d909fb4e5723 Identify spilled information Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
279052a0-8238-694d-9661-bf649f951747 Identify contaminated systems and components Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22457e81-3ec6-5271-a786-c3ca284601dd Isolate information spills Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_Moderate_R4 IR-9 FedRAMP_Moderate_R4_IR-9 FedRAMP Moderate IR-9 Information Spillage Response FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance FedRAMP_Moderate_R4 IR-9(1) FedRAMP_Moderate_R4_IR-9(1) FedRAMP Moderate IR-9 (1) Responsible Personnel FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance FedRAMP_Moderate_R4 IR-9(2) FedRAMP_Moderate_R4_IR-9(2) FedRAMP Moderate IR-9 (2) Training FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bb048641-6017-7272-7772-a008f285a520 Develop spillage response procedures Regulatory Compliance FedRAMP_Moderate_R4 IR-9(3) FedRAMP_Moderate_R4_IR-9(3) FedRAMP Moderate IR-9 (3) Post-Spill Operations FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance FedRAMP_Moderate_R4 IR-9(4) FedRAMP_Moderate_R4_IR-9(4) FedRAMP Moderate IR-9 (4) Exposure To Unauthorized Personnel FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 MA-1 FedRAMP_Moderate_R4_MA-1 FedRAMP Moderate MA-1 System Maintenance Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-2 FedRAMP_Moderate_R4_MA-2 FedRAMP Moderate MA-2 Controlled Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_Moderate_R4 MA-2 FedRAMP_Moderate_R4_MA-2 FedRAMP Moderate MA-2 Controlled Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_Moderate_R4 MA-2 FedRAMP_Moderate_R4_MA-2 FedRAMP Moderate MA-2 Controlled Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MA-2 FedRAMP_Moderate_R4_MA-2 FedRAMP Moderate MA-2 Controlled Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3 FedRAMP_Moderate_R4_MA-3 FedRAMP Moderate MA-3 Maintenance Tools FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3 FedRAMP_Moderate_R4_MA-3 FedRAMP Moderate MA-3 Maintenance Tools FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3(1) FedRAMP_Moderate_R4_MA-3(1) FedRAMP Moderate MA-3 (1) Inspect Tools FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3(1) FedRAMP_Moderate_R4_MA-3(1) FedRAMP Moderate MA-3 (1) Inspect Tools FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3(2) FedRAMP_Moderate_R4_MA-3(2) FedRAMP Moderate MA-3 (2) Inspect Media FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3(2) FedRAMP_Moderate_R4_MA-3(2) FedRAMP Moderate MA-3 (2) Inspect Media FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3(3) FedRAMP_Moderate_R4_MA-3(3) FedRAMP Moderate MA-3 (3) Prevent Unauthorized Removal FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-3(3) FedRAMP_Moderate_R4_MA-3(3) FedRAMP Moderate MA-3 (3) Prevent Unauthorized Removal FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_Moderate_R4 MA-3(3) FedRAMP_Moderate_R4_MA-3(3) FedRAMP Moderate MA-3 (3) Prevent Unauthorized Removal FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MA-3(3) FedRAMP_Moderate_R4_MA-3(3) FedRAMP Moderate MA-3 (3) Prevent Unauthorized Removal FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-4 FedRAMP_Moderate_R4_MA-4 FedRAMP Moderate MA-4 Nonlocal Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance FedRAMP_Moderate_R4 MA-4(2) FedRAMP_Moderate_R4_MA-4(2) FedRAMP Moderate MA-4 (2) Document Nonlocal Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance FedRAMP_Moderate_R4 MA-5 FedRAMP_Moderate_R4_MA-5 FedRAMP Moderate MA-5 Maintenance Personnel FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance FedRAMP_Moderate_R4 MA-5 FedRAMP_Moderate_R4_MA-5 FedRAMP Moderate MA-5 Maintenance Personnel FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance FedRAMP_Moderate_R4 MA-5 FedRAMP_Moderate_R4_MA-5 FedRAMP Moderate MA-5 Maintenance Personnel FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_Moderate_R4 MA-5(1) FedRAMP_Moderate_R4_MA-5(1) FedRAMP Moderate MA-5 (1) Individuals Without Appropriate Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MA-5(1) FedRAMP_Moderate_R4_MA-5(1) FedRAMP Moderate MA-5 (1) Individuals Without Appropriate Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance FedRAMP_Moderate_R4 MA-6 FedRAMP_Moderate_R4_MA-6 FedRAMP Moderate MA-6 Timely Maintenance FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 MP-1 FedRAMP_Moderate_R4_MP-1 FedRAMP Moderate MP-1 Media Protection Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-2 FedRAMP_Moderate_R4_MP-2 FedRAMP Moderate MP-2 Media Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-3 FedRAMP_Moderate_R4_MP-3 FedRAMP Moderate MP-3 Media Marking FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-4 FedRAMP_Moderate_R4_MP-4 FedRAMP Moderate MP-4 Media Storage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_Moderate_R4 MP-4 FedRAMP_Moderate_R4_MP-4 FedRAMP Moderate MP-4 Media Storage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance FedRAMP_Moderate_R4 MP-5 FedRAMP_Moderate_R4_MP-5 FedRAMP Moderate MP-5 Media Transport FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-5 FedRAMP_Moderate_R4_MP-5 FedRAMP Moderate MP-5 Media Transport FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-5(4) FedRAMP_Moderate_R4_MP-5(4) FedRAMP Moderate MP-5 (4) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance FedRAMP_Moderate_R4 MP-5(4) FedRAMP_Moderate_R4_MP-5(4) FedRAMP Moderate MP-5 (4) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_Moderate_R4 MP-6 FedRAMP_Moderate_R4_MP-6 FedRAMP Moderate MP-6 Media Sanitization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-6 FedRAMP_Moderate_R4_MP-6 FedRAMP Moderate MP-6 Media Sanitization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance FedRAMP_Moderate_R4 MP-6(2) FedRAMP_Moderate_R4_MP-6(2) FedRAMP Moderate MP-6 (2) Equipment Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-6(2) FedRAMP_Moderate_R4_MP-6(2) FedRAMP Moderate MP-6 (2) Equipment Testing FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 MP-7 FedRAMP_Moderate_R4_MP-7 FedRAMP Moderate MP-7 Media Use FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-7 FedRAMP_Moderate_R4_MP-7 FedRAMP Moderate MP-7 Media Use FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance FedRAMP_Moderate_R4 MP-7 FedRAMP_Moderate_R4_MP-7 FedRAMP Moderate MP-7 Media Use FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance FedRAMP_Moderate_R4 MP-7 FedRAMP_Moderate_R4_MP-7 FedRAMP Moderate MP-7 Media Use FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance FedRAMP_Moderate_R4 MP-7(1) FedRAMP_Moderate_R4_MP-7(1) FedRAMP Moderate MP-7 (1) Prohibit Use Without Owner FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 MP-7(1) FedRAMP_Moderate_R4_MP-7(1) FedRAMP Moderate MP-7 (1) Prohibit Use Without Owner FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 MP-7(1) FedRAMP_Moderate_R4_MP-7(1) FedRAMP Moderate MP-7 (1) Prohibit Use Without Owner FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance FedRAMP_Moderate_R4 MP-7(1) FedRAMP_Moderate_R4_MP-7(1) FedRAMP Moderate MP-7 (1) Prohibit Use Without Owner FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PE-1 FedRAMP_Moderate_R4_PE-1 FedRAMP Moderate PE-1 Physical And Environmental Protection Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance FedRAMP_Moderate_R4 PE-12 FedRAMP_Moderate_R4_PE-12 FedRAMP Moderate PE-12 Emergency Lighting FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-13 FedRAMP_Moderate_R4_PE-13 FedRAMP Moderate PE-13 Fire Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-13(2) FedRAMP_Moderate_R4_PE-13(2) FedRAMP Moderate PE-13 (2) Suppression Devices / Systems FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-13(3) FedRAMP_Moderate_R4_PE-13(3) FedRAMP Moderate PE-13 (3) Automatic Fire Suppression FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-14 FedRAMP_Moderate_R4_PE-14 FedRAMP Moderate PE-14 Temperature And Humidity Controls FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance FedRAMP_Moderate_R4 PE-14(2) FedRAMP_Moderate_R4_PE-14(2) FedRAMP Moderate PE-14 (2) Monitoring With Alarms / Notifications FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-14(2) FedRAMP_Moderate_R4_PE-14(2) FedRAMP Moderate PE-14 (2) Monitoring With Alarms / Notifications FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-15 FedRAMP_Moderate_R4_PE-15 FedRAMP Moderate PE-15 Water Damage Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance FedRAMP_Moderate_R4 PE-16 FedRAMP_Moderate_R4_PE-16 FedRAMP Moderate PE-16 Delivery And Removal FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance FedRAMP_Moderate_R4 PE-16 FedRAMP_Moderate_R4_PE-16 FedRAMP Moderate PE-16 Delivery And Removal FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance FedRAMP_Moderate_R4 PE-17 FedRAMP_Moderate_R4_PE-17 FedRAMP Moderate PE-17 Alternate Work Site FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_Moderate_R4 PE-2 FedRAMP_Moderate_R4_PE-2 FedRAMP Moderate PE-2 Physical Access Authorizations FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance FedRAMP_Moderate_R4 PE-3 FedRAMP_Moderate_R4_PE-3 FedRAMP Moderate PE-3 Physical Access Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance FedRAMP_Moderate_R4 PE-3 FedRAMP_Moderate_R4_PE-3 FedRAMP Moderate PE-3 Physical Access Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_Moderate_R4 PE-3 FedRAMP_Moderate_R4_PE-3 FedRAMP Moderate PE-3 Physical Access Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-3 FedRAMP_Moderate_R4_PE-3 FedRAMP Moderate PE-3 Physical Access Control FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-4 FedRAMP_Moderate_R4_PE-4 FedRAMP Moderate PE-4 Access Control For Transmission Medium FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_Moderate_R4 PE-4 FedRAMP_Moderate_R4_PE-4 FedRAMP Moderate PE-4 Access Control For Transmission Medium FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance FedRAMP_Moderate_R4 PE-5 FedRAMP_Moderate_R4_PE-5 FedRAMP Moderate PE-5 Access Control For Output Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-5 FedRAMP_Moderate_R4_PE-5 FedRAMP Moderate PE-5 Access Control For Output Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_Moderate_R4 PE-5 FedRAMP_Moderate_R4_PE-5 FedRAMP Moderate PE-5 Access Control For Output Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance FedRAMP_Moderate_R4 PE-6(1) FedRAMP_Moderate_R4_PE-6(1) FedRAMP Moderate PE-6 (1) Intrusion Alarms / Surveillance Equipment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance FedRAMP_Moderate_R4 PE-6(1) FedRAMP_Moderate_R4_PE-6(1) FedRAMP Moderate PE-6 (1) Intrusion Alarms / Surveillance Equipment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance FedRAMP_Moderate_R4 PE-8 FedRAMP_Moderate_R4_PE-8 FedRAMP Moderate PE-8 Visitor Access Records FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_Moderate_R4 PE-8 FedRAMP_Moderate_R4_PE-8 FedRAMP Moderate PE-8 Visitor Access Records FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PL-1 FedRAMP_Moderate_R4_PL-1 FedRAMP Moderate PL-1 Security Planning Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PL-2 FedRAMP_Moderate_R4_PL-2 FedRAMP Moderate PL-2 System Security Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance FedRAMP_Moderate_R4 PL-2 FedRAMP_Moderate_R4_PL-2 FedRAMP Moderate PL-2 System Security Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance FedRAMP_Moderate_R4 PL-2 FedRAMP_Moderate_R4_PL-2 FedRAMP Moderate PL-2 System Security Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance FedRAMP_Moderate_R4 PL-2 FedRAMP_Moderate_R4_PL-2 FedRAMP Moderate PL-2 System Security Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance FedRAMP_Moderate_R4 PL-2 FedRAMP_Moderate_R4_PL-2 FedRAMP Moderate PL-2 System Security Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance FedRAMP_Moderate_R4 PL-2 FedRAMP_Moderate_R4_PL-2 FedRAMP Moderate PL-2 System Security Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance FedRAMP_Moderate_R4 PL-2(3) FedRAMP_Moderate_R4_PL-2(3) FedRAMP Moderate PL-2 (3) Plan / Coordinate With Other Organizational Entities FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance FedRAMP_Moderate_R4 PL-2(3) FedRAMP_Moderate_R4_PL-2(3) FedRAMP Moderate PL-2 (3) Plan / Coordinate With Other Organizational Entities FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance FedRAMP_Moderate_R4 PL-2(3) FedRAMP_Moderate_R4_PL-2(3) FedRAMP Moderate PL-2 (3) Plan / Coordinate With Other Organizational Entities FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance FedRAMP_Moderate_R4 PL-4 FedRAMP_Moderate_R4_PL-4 FedRAMP Moderate PL-4 Rules Of Behavior FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PL-4(1) FedRAMP_Moderate_R4_PL-4(1) FedRAMP Moderate PL-4 (1) Social Media And Networking Restrictions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance FedRAMP_Moderate_R4 PL-8 FedRAMP_Moderate_R4_PL-8 FedRAMP Moderate PL-8 Information Security Architecture FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance FedRAMP_Moderate_R4 PL-8 FedRAMP_Moderate_R4_PL-8 FedRAMP Moderate PL-8 Information Security Architecture FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PS-1 FedRAMP_Moderate_R4_PS-1 FedRAMP Moderate PS-1 Personnel Security Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations Regulatory Compliance FedRAMP_Moderate_R4 PS-2 FedRAMP_Moderate_R4_PS-2 FedRAMP Moderate PS-2 Position Risk Designation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance FedRAMP_Moderate_R4 PS-3 FedRAMP_Moderate_R4_PS-3 FedRAMP Moderate PS-3 Personnel Screening FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance FedRAMP_Moderate_R4 PS-3 FedRAMP_Moderate_R4_PS-3 FedRAMP Moderate PS-3 Personnel Screening FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance FedRAMP_Moderate_R4 PS-3 FedRAMP_Moderate_R4_PS-3 FedRAMP Moderate PS-3 Personnel Screening FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance FedRAMP_Moderate_R4 PS-3(3) FedRAMP_Moderate_R4_PS-3(3) FedRAMP Moderate PS-3 (3) Information With Special Protection Measures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance FedRAMP_Moderate_R4 PS-4 FedRAMP_Moderate_R4_PS-4 FedRAMP Moderate PS-4 Personnel Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance FedRAMP_Moderate_R4 PS-4 FedRAMP_Moderate_R4_PS-4 FedRAMP Moderate PS-4 Personnel Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance FedRAMP_Moderate_R4 PS-4 FedRAMP_Moderate_R4_PS-4 FedRAMP Moderate PS-4 Personnel Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance FedRAMP_Moderate_R4 PS-4 FedRAMP_Moderate_R4_PS-4 FedRAMP Moderate PS-4 Personnel Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance FedRAMP_Moderate_R4 PS-4 FedRAMP_Moderate_R4_PS-4 FedRAMP Moderate PS-4 Personnel Termination FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance FedRAMP_Moderate_R4 PS-5 FedRAMP_Moderate_R4_PS-5 FedRAMP Moderate PS-5 Personnel Transfer FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance FedRAMP_Moderate_R4 PS-5 FedRAMP_Moderate_R4_PS-5 FedRAMP Moderate PS-5 Personnel Transfer FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance FedRAMP_Moderate_R4 PS-5 FedRAMP_Moderate_R4_PS-5 FedRAMP Moderate PS-5 Personnel Transfer FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance FedRAMP_Moderate_R4 PS-5 FedRAMP_Moderate_R4_PS-5 FedRAMP Moderate PS-5 Personnel Transfer FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance FedRAMP_Moderate_R4 PS-6 FedRAMP_Moderate_R4_PS-6 FedRAMP Moderate PS-6 Access Agreements FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance FedRAMP_Moderate_R4 PS-6 FedRAMP_Moderate_R4_PS-6 FedRAMP Moderate PS-6 Access Agreements FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance FedRAMP_Moderate_R4 PS-6 FedRAMP_Moderate_R4_PS-6 FedRAMP Moderate PS-6 Access Agreements FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance FedRAMP_Moderate_R4 PS-6 FedRAMP_Moderate_R4_PS-6 FedRAMP Moderate PS-6 Access Agreements FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance FedRAMP_Moderate_R4 PS-6 FedRAMP_Moderate_R4_PS-6 FedRAMP Moderate PS-6 Access Agreements FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 PS-7 FedRAMP_Moderate_R4_PS-7 FedRAMP Moderate PS-7 Third-Party Personnel Security FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance FedRAMP_Moderate_R4 PS-7 FedRAMP_Moderate_R4_PS-7 FedRAMP Moderate PS-7 Third-Party Personnel Security FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance FedRAMP_Moderate_R4 PS-7 FedRAMP_Moderate_R4_PS-7 FedRAMP Moderate PS-7 Third-Party Personnel Security FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance FedRAMP_Moderate_R4 PS-7 FedRAMP_Moderate_R4_PS-7 FedRAMP Moderate PS-7 Third-Party Personnel Security FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance FedRAMP_Moderate_R4 PS-7 FedRAMP_Moderate_R4_PS-7 FedRAMP Moderate PS-7 Third-Party Personnel Security FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance FedRAMP_Moderate_R4 PS-8 FedRAMP_Moderate_R4_PS-8 FedRAMP Moderate PS-8 Personnel Sanctions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance FedRAMP_Moderate_R4 PS-8 FedRAMP_Moderate_R4_PS-8 FedRAMP Moderate PS-8 Personnel Sanctions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 RA-1 FedRAMP_Moderate_R4_RA-1 FedRAMP Moderate RA-1 Risk Assessment Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance FedRAMP_Moderate_R4 RA-2 FedRAMP_Moderate_R4_RA-2 FedRAMP Moderate RA-2 Security Categorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance FedRAMP_Moderate_R4 RA-2 FedRAMP_Moderate_R4_RA-2 FedRAMP Moderate RA-2 Security Categorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance FedRAMP_Moderate_R4 RA-2 FedRAMP_Moderate_R4_RA-2 FedRAMP Moderate RA-2 Security Categorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance FedRAMP_Moderate_R4 RA-2 FedRAMP_Moderate_R4_RA-2 FedRAMP Moderate RA-2 Security Categorization FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance FedRAMP_Moderate_R4 RA-3 FedRAMP_Moderate_R4_RA-3 FedRAMP Moderate RA-3 Risk Assessment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance FedRAMP_Moderate_R4 RA-3 FedRAMP_Moderate_R4_RA-3 FedRAMP Moderate RA-3 Risk Assessment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance FedRAMP_Moderate_R4 RA-3 FedRAMP_Moderate_R4_RA-3 FedRAMP Moderate RA-3 Risk Assessment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance FedRAMP_Moderate_R4 RA-3 FedRAMP_Moderate_R4_RA-3 FedRAMP Moderate RA-3 Risk Assessment FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center FedRAMP_Moderate_R4 RA-5 FedRAMP_Moderate_R4_RA-5 FedRAMP Moderate RA-5 Vulnerability Scanning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 RA-5(1) FedRAMP_Moderate_R4_RA-5(1) FedRAMP Moderate RA-5 (1) Update Tool Capability FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 RA-5(1) FedRAMP_Moderate_R4_RA-5(1) FedRAMP Moderate RA-5 (1) Update Tool Capability FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 RA-5(2) FedRAMP_Moderate_R4_RA-5(2) FedRAMP Moderate RA-5 (2) Update By Frequency / Prior To New Scan / When Identified FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 RA-5(2) FedRAMP_Moderate_R4_RA-5(2) FedRAMP Moderate RA-5 (2) Update By Frequency / Prior To New Scan / When Identified FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 RA-5(3) FedRAMP_Moderate_R4_RA-5(3) FedRAMP Moderate RA-5 (3) Breadth / Depth Of Coverage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 RA-5(3) FedRAMP_Moderate_R4_RA-5(3) FedRAMP Moderate RA-5 (3) Breadth / Depth Of Coverage FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance FedRAMP_Moderate_R4 RA-5(5) FedRAMP_Moderate_R4_RA-5(5) FedRAMP Moderate RA-5 (5) Privileged Access FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance FedRAMP_Moderate_R4 RA-5(6) FedRAMP_Moderate_R4_RA-5(6) FedRAMP Moderate RA-5 (6) Automated Trend Analyses FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 RA-5(6) FedRAMP_Moderate_R4_RA-5(6) FedRAMP Moderate RA-5 (6) Automated Trend Analyses FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance FedRAMP_Moderate_R4 RA-5(6) FedRAMP_Moderate_R4_RA-5(6) FedRAMP Moderate RA-5 (6) Automated Trend Analyses FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 RA-5(6) FedRAMP_Moderate_R4_RA-5(6) FedRAMP Moderate RA-5 (6) Automated Trend Analyses FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 RA-5(6) FedRAMP_Moderate_R4_RA-5(6) FedRAMP Moderate RA-5 (6) Automated Trend Analyses FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance FedRAMP_Moderate_R4 RA-5(8) FedRAMP_Moderate_R4_RA-5(8) FedRAMP Moderate RA-5 (8) Review Historic Audit Logs FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 SA-1 FedRAMP_Moderate_R4_SA-1 FedRAMP Moderate SA-1 System And Services Acquisition Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance FedRAMP_Moderate_R4 SA-10 FedRAMP_Moderate_R4_SA-10 FedRAMP Moderate SA-10 Developer Configuration Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_Moderate_R4 SA-10(1) FedRAMP_Moderate_R4_SA-10(1) FedRAMP Moderate SA-10 (1) Software / Firmware Integrity Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 SA-11 FedRAMP_Moderate_R4_SA-11 FedRAMP Moderate SA-11 Developer Security Testing And Evaluation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 SA-11 FedRAMP_Moderate_R4_SA-11 FedRAMP Moderate SA-11 Developer Security Testing And Evaluation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance FedRAMP_Moderate_R4 SA-11 FedRAMP_Moderate_R4_SA-11 FedRAMP Moderate SA-11 Developer Security Testing And Evaluation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance FedRAMP_Moderate_R4 SA-2 FedRAMP_Moderate_R4_SA-2 FedRAMP Moderate SA-2 Allocation Of Resources FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance FedRAMP_Moderate_R4 SA-2 FedRAMP_Moderate_R4_SA-2 FedRAMP Moderate SA-2 Allocation Of Resources FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance FedRAMP_Moderate_R4 SA-2 FedRAMP_Moderate_R4_SA-2 FedRAMP Moderate SA-2 Allocation Of Resources FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance FedRAMP_Moderate_R4 SA-2 FedRAMP_Moderate_R4_SA-2 FedRAMP Moderate SA-2 Allocation Of Resources FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance FedRAMP_Moderate_R4 SA-2 FedRAMP_Moderate_R4_SA-2 FedRAMP Moderate SA-2 Allocation Of Resources FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance FedRAMP_Moderate_R4 SA-2 FedRAMP_Moderate_R4_SA-2 FedRAMP Moderate SA-2 Allocation Of Resources FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance FedRAMP_Moderate_R4 SA-3 FedRAMP_Moderate_R4_SA-3 FedRAMP Moderate SA-3 System Development Life Cycle FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance FedRAMP_Moderate_R4 SA-3 FedRAMP_Moderate_R4_SA-3 FedRAMP Moderate SA-3 System Development Life Cycle FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance FedRAMP_Moderate_R4 SA-3 FedRAMP_Moderate_R4_SA-3 FedRAMP Moderate SA-3 System Development Life Cycle FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance FedRAMP_Moderate_R4 SA-4 FedRAMP_Moderate_R4_SA-4 FedRAMP Moderate SA-4 Acquisition Process FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance FedRAMP_Moderate_R4 SA-4(1) FedRAMP_Moderate_R4_SA-4(1) FedRAMP Moderate SA-4 (1) Functional Properties Of Security Controls FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b333332-6efd-7c0d-5a9f-d1eb95105214 Employ FIPS 201-approved technology for PIV Regulatory Compliance FedRAMP_Moderate_R4 SA-4(10) FedRAMP_Moderate_R4_SA-4(10) FedRAMP Moderate SA-4 (10) Use Of Approved Piv Products FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance FedRAMP_Moderate_R4 SA-4(2) FedRAMP_Moderate_R4_SA-4(2) FedRAMP Moderate SA-4 (2) Design / Implementation Information For Security Controls FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca6d7878-3189-1833-4620-6c7254ed1607 Obtain continuous monitoring plan for security controls Regulatory Compliance FedRAMP_Moderate_R4 SA-4(8) FedRAMP_Moderate_R4_SA-4(8) FedRAMP Moderate SA-4 (8) Continuous Monitoring Plan FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance FedRAMP_Moderate_R4 SA-4(9) FedRAMP_Moderate_R4_SA-4(9) FedRAMP Moderate SA-4 (9) Functions / Ports / Protocols / Services In Use FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance FedRAMP_Moderate_R4 SA-5 FedRAMP_Moderate_R4_SA-5 FedRAMP Moderate SA-5 Information System Documentation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance FedRAMP_Moderate_R4 SA-5 FedRAMP_Moderate_R4_SA-5 FedRAMP Moderate SA-5 Information System Documentation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance FedRAMP_Moderate_R4 SA-5 FedRAMP_Moderate_R4_SA-5 FedRAMP Moderate SA-5 Information System Documentation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance FedRAMP_Moderate_R4 SA-5 FedRAMP_Moderate_R4_SA-5 FedRAMP Moderate SA-5 Information System Documentation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance FedRAMP_Moderate_R4 SA-5 FedRAMP_Moderate_R4_SA-5 FedRAMP Moderate SA-5 Information System Documentation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance FedRAMP_Moderate_R4 SA-9 FedRAMP_Moderate_R4_SA-9 FedRAMP Moderate SA-9 External Information System Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance FedRAMP_Moderate_R4 SA-9 FedRAMP_Moderate_R4_SA-9 FedRAMP Moderate SA-9 External Information System Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance FedRAMP_Moderate_R4 SA-9 FedRAMP_Moderate_R4_SA-9 FedRAMP Moderate SA-9 External Information System Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance FedRAMP_Moderate_R4 SA-9 FedRAMP_Moderate_R4_SA-9 FedRAMP Moderate SA-9 External Information System Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing Regulatory Compliance FedRAMP_Moderate_R4 SA-9(1) FedRAMP_Moderate_R4_SA-9(1) FedRAMP Moderate SA-9 (1) Risk Assessments / Organizational Approvals FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance FedRAMP_Moderate_R4 SA-9(1) FedRAMP_Moderate_R4_SA-9(1) FedRAMP Moderate SA-9 (1) Risk Assessments / Organizational Approvals FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance FedRAMP_Moderate_R4 SA-9(2) FedRAMP_Moderate_R4_SA-9(2) FedRAMP Moderate SA-9 (2) Identification Of Functions / Ports / Protocols / Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance FedRAMP_Moderate_R4 SA-9(4) FedRAMP_Moderate_R4_SA-9(4) FedRAMP Moderate SA-9 (4) Consistent Interests Of Consumers And Providers FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0040d2e5-2779-170d-6a2c-1f5fca353335 Restrict location of information processing, storage and services Regulatory Compliance FedRAMP_Moderate_R4 SA-9(5) FedRAMP_Moderate_R4_SA-9(5) FedRAMP Moderate SA-9 (5) Processing, Storage, And Service Location FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 SC-1 FedRAMP_Moderate_R4_SC-1 FedRAMP Moderate SC-1 System And Communications Protection Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance FedRAMP_Moderate_R4 SC-10 FedRAMP_Moderate_R4_SC-10 FedRAMP Moderate SC-10 Network Disconnect FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 Cryptographic Key Establishment And Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance FedRAMP_Moderate_R4 SC-12(2) FedRAMP_Moderate_R4_SC-12(2) FedRAMP Moderate SC-12 (2) Symmetric Keys FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance FedRAMP_Moderate_R4 SC-12(3) FedRAMP_Moderate_R4_SC-12(3) FedRAMP Moderate SC-12 (3) Asymmetric Keys FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance FedRAMP_Moderate_R4 SC-13 FedRAMP_Moderate_R4_SC-13 FedRAMP Moderate SC-13 Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance FedRAMP_Moderate_R4 SC-15 FedRAMP_Moderate_R4_SC-15 FedRAMP Moderate SC-15 Collaborative Computing Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance FedRAMP_Moderate_R4 SC-15 FedRAMP_Moderate_R4_SC-15 FedRAMP Moderate SC-15 Collaborative Computing Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance FedRAMP_Moderate_R4 SC-17 FedRAMP_Moderate_R4_SC-17 FedRAMP Moderate SC-17 Public Key Infrastructure Certificates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance FedRAMP_Moderate_R4 SC-18 FedRAMP_Moderate_R4_SC-18 FedRAMP Moderate SC-18 Mobile Code FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance FedRAMP_Moderate_R4 SC-18 FedRAMP_Moderate_R4_SC-18 FedRAMP Moderate SC-18 Mobile Code FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance FedRAMP_Moderate_R4 SC-18 FedRAMP_Moderate_R4_SC-18 FedRAMP Moderate SC-18 Mobile Code FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance FedRAMP_Moderate_R4 SC-19 FedRAMP_Moderate_R4_SC-19 FedRAMP Moderate SC-19 Voice Over Internet Protocol FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
68a39c2b-0f17-69ee-37a3-aa10f9853a08 Establish voip usage restrictions Regulatory Compliance FedRAMP_Moderate_R4 SC-19 FedRAMP_Moderate_R4_SC-19 FedRAMP Moderate SC-19 Voice Over Internet Protocol FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance FedRAMP_Moderate_R4 SC-2 FedRAMP_Moderate_R4_SC-2 FedRAMP Moderate SC-2 Application Partitioning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance FedRAMP_Moderate_R4 SC-2 FedRAMP_Moderate_R4_SC-2 FedRAMP Moderate SC-2 Application Partitioning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance FedRAMP_Moderate_R4 SC-2 FedRAMP_Moderate_R4_SC-2 FedRAMP Moderate SC-2 Application Partitioning FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance FedRAMP_Moderate_R4 SC-20 FedRAMP_Moderate_R4_SC-20 FedRAMP Moderate SC-20 Secure Name / Address Resolution Service (Authoritative Source) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance FedRAMP_Moderate_R4 SC-20 FedRAMP_Moderate_R4_SC-20 FedRAMP Moderate SC-20 Secure Name / Address Resolution Service (Authoritative Source) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance FedRAMP_Moderate_R4 SC-21 FedRAMP_Moderate_R4_SC-21 FedRAMP Moderate SC-21 Secure Name /Address Resolution Service (Recursive Or Caching Resolver) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_Moderate_R4 SC-21 FedRAMP_Moderate_R4_SC-21 FedRAMP Moderate SC-21 Secure Name /Address Resolution Service (Recursive Or Caching Resolver) FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance FedRAMP_Moderate_R4 SC-22 FedRAMP_Moderate_R4_SC-22 FedRAMP Moderate SC-22 Architecture And Provisioning For Name/Address Resolution Service FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance FedRAMP_Moderate_R4 SC-23 FedRAMP_Moderate_R4_SC-23 FedRAMP Moderate SC-23 Session Authenticity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance FedRAMP_Moderate_R4 SC-23 FedRAMP_Moderate_R4_SC-23 FedRAMP Moderate SC-23 Session Authenticity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute FedRAMP_Moderate_R4 SC-28 FedRAMP_Moderate_R4_SC-28 FedRAMP Moderate SC-28 Protection Of Information At Rest FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer FedRAMP_Moderate_R4 SC-28(1) FedRAMP_Moderate_R4_SC-28(1) FedRAMP Moderate SC-28 (1) Cryptographic Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes Regulatory Compliance FedRAMP_Moderate_R4 SC-39 FedRAMP_Moderate_R4_SC-39 FedRAMP Moderate SC-39 Process Isolation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center FedRAMP_Moderate_R4 SC-5 FedRAMP_Moderate_R4_SC-5 FedRAMP Moderate SC-5 Denial Of Service Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FedRAMP_Moderate_R4 SC-5 FedRAMP_Moderate_R4_SC-5 FedRAMP Moderate SC-5 Denial Of Service Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FedRAMP_Moderate_R4 SC-5 FedRAMP_Moderate_R4_SC-5 FedRAMP Moderate SC-5 Denial Of Service Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b7306e73-0494-83a2-31f5-280e934a8f70 Develop and document a DDoS response plan Regulatory Compliance FedRAMP_Moderate_R4 SC-5 FedRAMP_Moderate_R4_SC-5 FedRAMP Moderate SC-5 Denial Of Service Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_Moderate_R4 SC-5 FedRAMP_Moderate_R4_SC-5 FedRAMP Moderate SC-5 Denial Of Service Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity Regulatory Compliance FedRAMP_Moderate_R4 SC-6 FedRAMP_Moderate_R4_SC-6 FedRAMP Moderate SC-6 Resource Availability FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance FedRAMP_Moderate_R4 SC-6 FedRAMP_Moderate_R4_SC-6 FedRAMP Moderate SC-6 Resource Availability FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance FedRAMP_Moderate_R4 SC-6 FedRAMP_Moderate_R4_SC-6 FedRAMP Moderate SC-6 Resource Availability FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_Moderate_R4 SC-7 FedRAMP_Moderate_R4_SC-7 FedRAMP Moderate SC-7 Boundary Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_Moderate_R4 SC-7(12) FedRAMP_Moderate_R4_SC-7(12) FedRAMP Moderate SC-7 (12) Host-Based Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance FedRAMP_Moderate_R4 SC-7(13) FedRAMP_Moderate_R4_SC-7(13) FedRAMP Moderate SC-7 (13) Isolation Of Security Tools / Mechanisms / Support Components FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df54d34f-65f3-39f1-103c-a0464b8615df Manage transfers between standby and active system components Regulatory Compliance FedRAMP_Moderate_R4 SC-7(18) FedRAMP_Moderate_R4_SC-7(18) FedRAMP Moderate SC-7 (18) Fail Secure FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_Moderate_R4 SC-7(18) FedRAMP_Moderate_R4_SC-7(18) FedRAMP Moderate SC-7 (18) Fail Secure FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center FedRAMP_Moderate_R4 SC-7(3) FedRAMP_Moderate_R4_SC-7(3) FedRAMP Moderate SC-7 (3) Access Points FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_Moderate_R4 SC-7(4) FedRAMP_Moderate_R4_SC-7(4) FedRAMP Moderate SC-7 (4) External Telecommunications Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance FedRAMP_Moderate_R4 SC-7(4) FedRAMP_Moderate_R4_SC-7(4) FedRAMP Moderate SC-7 (4) External Telecommunications Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance FedRAMP_Moderate_R4 SC-7(4) FedRAMP_Moderate_R4_SC-7(4) FedRAMP Moderate SC-7 (4) External Telecommunications Services FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance FedRAMP_Moderate_R4 SC-7(7) FedRAMP_Moderate_R4_SC-7(7) FedRAMP Moderate SC-7 (7) Prevent Split Tunneling For Remote Devices FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance FedRAMP_Moderate_R4 SC-7(8) FedRAMP_Moderate_R4_SC-7(8) FedRAMP Moderate SC-7 (8) Route Traffic To Authenticated Proxy Servers FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service FedRAMP_Moderate_R4 SC-8 FedRAMP_Moderate_R4_SC-8 FedRAMP Moderate SC-8 Transmission Confidentiality And Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service FedRAMP_Moderate_R4 SC-8(1) FedRAMP_Moderate_R4_SC-8(1) FedRAMP Moderate SC-8 (1) Cryptographic Or Alternate Physical Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance FedRAMP_Moderate_R4 SI-1 FedRAMP_Moderate_R4_SI-1 FedRAMP Moderate SI-1 System And Information Integrity Policy And Procedures FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance FedRAMP_Moderate_R4 SI-10 FedRAMP_Moderate_R4_SI-10 FedRAMP Moderate SI-10 Information Input Validation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance FedRAMP_Moderate_R4 SI-11 FedRAMP_Moderate_R4_SI-11 FedRAMP Moderate SI-11 Error Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance FedRAMP_Moderate_R4 SI-11 FedRAMP_Moderate_R4_SI-11 FedRAMP Moderate SI-11 Error Handling FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance FedRAMP_Moderate_R4 SI-12 FedRAMP_Moderate_R4_SI-12 FedRAMP Moderate SI-12 Information Handling And Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance FedRAMP_Moderate_R4 SI-12 FedRAMP_Moderate_R4_SI-12 FedRAMP Moderate SI-12 Information Handling And Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance FedRAMP_Moderate_R4 SI-12 FedRAMP_Moderate_R4_SI-12 FedRAMP Moderate SI-12 Information Handling And Retention FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 SI-16 FedRAMP_Moderate_R4_SI-16 FedRAMP Moderate SI-16 Memory Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_Moderate_R4 SI-16 FedRAMP_Moderate_R4_SI-16 FedRAMP Moderate SI-16 Memory Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 SI-2 FedRAMP_Moderate_R4_SI-2 FedRAMP Moderate SI-2 Flaw Remediation FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance FedRAMP_Moderate_R4 SI-2(2) FedRAMP_Moderate_R4_SI-2(2) FedRAMP Moderate SI-2 (2) Automated Flaw Remediation Status FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance FedRAMP_Moderate_R4 SI-2(2) FedRAMP_Moderate_R4_SI-2(2) FedRAMP Moderate SI-2 (2) Automated Flaw Remediation Status FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation Regulatory Compliance FedRAMP_Moderate_R4 SI-2(3) FedRAMP_Moderate_R4_SI-2(3) FedRAMP Moderate SI-2 (3) Time To Remediate Flaws / Benchmarks For Corrective Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation Regulatory Compliance FedRAMP_Moderate_R4 SI-2(3) FedRAMP_Moderate_R4_SI-2(3) FedRAMP Moderate SI-2 (3) Time To Remediate Flaws / Benchmarks For Corrective Actions FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_Moderate_R4 SI-3 FedRAMP_Moderate_R4_SI-3 FedRAMP Moderate SI-3 Malicious Code Protection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center FedRAMP_Moderate_R4 SI-3(1) FedRAMP_Moderate_R4_SI-3(1) FedRAMP Moderate SI-3 (1) Central Management FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_Moderate_R4 SI-3(2) FedRAMP_Moderate_R4_SI-3(2) FedRAMP Moderate SI-3 (2) Automatic Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_Moderate_R4 SI-3(2) FedRAMP_Moderate_R4_SI-3(2) FedRAMP Moderate SI-3 (2) Automatic Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 SI-3(2) FedRAMP_Moderate_R4_SI-3(2) FedRAMP Moderate SI-3 (2) Automatic Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_Moderate_R4 SI-3(2) FedRAMP_Moderate_R4_SI-3(2) FedRAMP Moderate SI-3 (2) Automatic Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 SI-3(2) FedRAMP_Moderate_R4_SI-3(2) FedRAMP Moderate SI-3 (2) Automatic Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 SI-3(2) FedRAMP_Moderate_R4_SI-3(2) FedRAMP Moderate SI-3 (2) Automatic Updates FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance FedRAMP_Moderate_R4 SI-3(7) FedRAMP_Moderate_R4_SI-3(7) FedRAMP Moderate SI-3 (7) Nonsignature-Based Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance FedRAMP_Moderate_R4 SI-3(7) FedRAMP_Moderate_R4_SI-3(7) FedRAMP Moderate SI-3 (7) Nonsignature-Based Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance FedRAMP_Moderate_R4 SI-3(7) FedRAMP_Moderate_R4_SI-3(7) FedRAMP Moderate SI-3 (7) Nonsignature-Based Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_Moderate_R4 SI-3(7) FedRAMP_Moderate_R4_SI-3(7) FedRAMP Moderate SI-3 (7) Nonsignature-Based Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance FedRAMP_Moderate_R4 SI-3(7) FedRAMP_Moderate_R4_SI-3(7) FedRAMP Moderate SI-3 (7) Nonsignature-Based Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 SI-3(7) FedRAMP_Moderate_R4_SI-3(7) FedRAMP Moderate SI-3 (7) Nonsignature-Based Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center FedRAMP_Moderate_R4 SI-4 FedRAMP_Moderate_R4_SI-4 FedRAMP Moderate SI-4 Information System Monitoring FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance FedRAMP_Moderate_R4 SI-4(14) FedRAMP_Moderate_R4_SI-4(14) FedRAMP Moderate SI-4 (14) Wireless Intrusion Detection FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance FedRAMP_Moderate_R4 SI-4(2) FedRAMP_Moderate_R4_SI-4(2) FedRAMP Moderate SI-4 (2) Automated Tools For Real-Time Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance FedRAMP_Moderate_R4 SI-4(2) FedRAMP_Moderate_R4_SI-4(2) FedRAMP Moderate SI-4 (2) Automated Tools For Real-Time Analysis FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance FedRAMP_Moderate_R4 SI-4(4) FedRAMP_Moderate_R4_SI-4(4) FedRAMP Moderate SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance FedRAMP_Moderate_R4 SI-4(4) FedRAMP_Moderate_R4_SI-4(4) FedRAMP Moderate SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance FedRAMP_Moderate_R4 SI-4(4) FedRAMP_Moderate_R4_SI-4(4) FedRAMP Moderate SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance FedRAMP_Moderate_R4 SI-4(4) FedRAMP_Moderate_R4_SI-4(4) FedRAMP Moderate SI-4 (4) Inbound And Outbound Communications Traffic FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance FedRAMP_Moderate_R4 SI-4(5) FedRAMP_Moderate_R4_SI-4(5) FedRAMP Moderate SI-4 (5) System-Generated Alerts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance FedRAMP_Moderate_R4 SI-4(5) FedRAMP_Moderate_R4_SI-4(5) FedRAMP Moderate SI-4 (5) System-Generated Alerts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance FedRAMP_Moderate_R4 SI-4(5) FedRAMP_Moderate_R4_SI-4(5) FedRAMP Moderate SI-4 (5) System-Generated Alerts FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance FedRAMP_Moderate_R4 SI-5 FedRAMP_Moderate_R4_SI-5 FedRAMP Moderate SI-5 Security Alerts, Advisories, And Directives FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance FedRAMP_Moderate_R4 SI-5 FedRAMP_Moderate_R4_SI-5 FedRAMP Moderate SI-5 Security Alerts, Advisories, And Directives FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance FedRAMP_Moderate_R4 SI-5 FedRAMP_Moderate_R4_SI-5 FedRAMP Moderate SI-5 Security Alerts, Advisories, And Directives FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance FedRAMP_Moderate_R4 SI-5 FedRAMP_Moderate_R4_SI-5 FedRAMP Moderate SI-5 Security Alerts, Advisories, And Directives FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance FedRAMP_Moderate_R4 SI-6 FedRAMP_Moderate_R4_SI-6 FedRAMP Moderate SI-6 Security Function Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance FedRAMP_Moderate_R4 SI-6 FedRAMP_Moderate_R4_SI-6 FedRAMP Moderate SI-6 Security Function Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance FedRAMP_Moderate_R4 SI-6 FedRAMP_Moderate_R4_SI-6 FedRAMP Moderate SI-6 Security Function Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance FedRAMP_Moderate_R4 SI-6 FedRAMP_Moderate_R4_SI-6 FedRAMP Moderate SI-6 Security Function Verification FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_Moderate_R4 SI-7 FedRAMP_Moderate_R4_SI-7 FedRAMP Moderate SI-7 Software, Firmware, And Information Integrity FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance FedRAMP_Moderate_R4 SI-7(1) FedRAMP_Moderate_R4_SI-7(1) FedRAMP Moderate SI-7 (1) Integrity Checks FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance FedRAMP_Moderate_R4 SI-7(1) FedRAMP_Moderate_R4_SI-7(1) FedRAMP Moderate SI-7 (1) Integrity Checks FedRAMP Moderate (e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 0101.00a1Organizational.123-00.a hipaa-0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance hipaa 0101.00a1Organizational.123-00.a hipaa-0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0101.00a1Organizational.123-00.a hipaa-0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 0101.00a1Organizational.123-00.a hipaa-0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance hipaa 0101.00a1Organizational.123-00.a hipaa-0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 0102.00a2Organizational.123-00.a hipaa-0102.00a2Organizational.123-00.a 0102.00a2Organizational.123-00.a 0102.00a2Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance hipaa 0102.00a2Organizational.123-00.a hipaa-0102.00a2Organizational.123-00.a 0102.00a2Organizational.123-00.a 0102.00a2Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0102.00a2Organizational.123-00.a hipaa-0102.00a2Organizational.123-00.a 0102.00a2Organizational.123-00.a 0102.00a2Organizational.123-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0103.00a3Organizational.1234567-00.a hipaa-0103.00a3Organizational.1234567-00.a 0103.00a3Organizational.1234567-00.a 0103.00a3Organizational.1234567-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0103.00a3Organizational.1234567-00.a hipaa-0103.00a3Organizational.1234567-00.a 0103.00a3Organizational.1234567-00.a 0103.00a3Organizational.1234567-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0103.00a3Organizational.1234567-00.a hipaa-0103.00a3Organizational.1234567-00.a 0103.00a3Organizational.1234567-00.a 0103.00a3Organizational.1234567-00.a 0.01 Information Security Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 0104.02a1Organizational.12-02.a hipaa-0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 0104.02a1Organizational.12-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance hipaa 0105.02a2Organizational.1-02.a hipaa-0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 0105.02a2Organizational.1-02.a hipaa-0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations Regulatory Compliance hipaa 0105.02a2Organizational.1-02.a hipaa-0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance hipaa 0105.02a2Organizational.1-02.a hipaa-0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance hipaa 0105.02a2Organizational.1-02.a hipaa-0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 0105.02a2Organizational.1-02.a hipaa-0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 0106.02a2Organizational.23-02.a hipaa-0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance hipaa 0106.02a2Organizational.23-02.a hipaa-0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance hipaa 0106.02a2Organizational.23-02.a hipaa-0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance hipaa 0106.02a2Organizational.23-02.a hipaa-0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 0106.02a2Organizational.23-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance hipaa 0107.02d1Organizational.1-02.d hipaa-0107.02d1Organizational.1-02.d 0107.02d1Organizational.1-02.d 0107.02d1Organizational.1-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c3b3cc61-9c70-5d78-7f12-1aefcc477db7 Review security testing, training, and monitoring plans Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
21832235-7a07-61f4-530d-d596f76e5b95 Implement security testing, training, and monitoring plans Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
676c3c35-3c36-612c-9523-36d266a65000 Require developers to provide training Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 0108.02d1Organizational.23-02.d hipaa-0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 0108.02d1Organizational.23-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 0109.02d1Organizational.4-02.d hipaa-0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 0109.02d1Organizational.4-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance hipaa 0110.02d2Organizational.1-02.d hipaa-0110.02d2Organizational.1-02.d 0110.02d2Organizational.1-02.d 0110.02d2Organizational.1-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 0110.02d2Organizational.1-02.d hipaa-0110.02d2Organizational.1-02.d 0110.02d2Organizational.1-02.d 0110.02d2Organizational.1-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 0111.02d2Organizational.2-02.d hipaa-0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 0111.02d2Organizational.2-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 01110.05a1Organizational.5-05.a hipaa-01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 01110.05a1Organizational.5-05.a hipaa-01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 01110.05a1Organizational.5-05.a hipaa-01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 01110.05a1Organizational.5-05.a hipaa-01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 01110.05a1Organizational.5-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 01111.05a2Organizational.5-05.a hipaa-01111.05a2Organizational.5-05.a 01111.05a2Organizational.5-05.a 01111.05a2Organizational.5-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fd81a1b3-2d7a-107c-507e-29b87d040c19 Enforce appropriate usage of all accounts Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance hipaa 0113.04a1Organizational.123-04.a hipaa-0113.04a1Organizational.123-04.a 0113.04a1Organizational.123-04.a 0113.04a1Organizational.123-04.a 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0113.04a1Organizational.123-04.a hipaa-0113.04a1Organizational.123-04.a 0113.04a1Organizational.123-04.a 0113.04a1Organizational.123-04.a 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 0113.04a1Organizational.123-04.a hipaa-0113.04a1Organizational.123-04.a 0113.04a1Organizational.123-04.a 0113.04a1Organizational.123-04.a 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0114.04b1Organizational.1-04.b hipaa-0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 0114.04b1Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance hipaa 0115.04b2Organizational.123-04.b hipaa-0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 0115.04b2Organizational.123-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance hipaa 0116.04b3Organizational.1-04.b hipaa-0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance hipaa 0116.04b3Organizational.1-04.b hipaa-0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance hipaa 0116.04b3Organizational.1-04.b hipaa-0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance hipaa 0116.04b3Organizational.1-04.b hipaa-0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 0116.04b3Organizational.1-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 0117.05a1Organizational.1-05.a hipaa-0117.05a1Organizational.1-05.a 0117.05a1Organizational.1-05.a 0117.05a1Organizational.1-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 0119.05a1Organizational.3-05.a hipaa-0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0119.05a1Organizational.3-05.a hipaa-0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0119.05a1Organizational.3-05.a hipaa-0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 0119.05a1Organizational.3-05.a hipaa-0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0119.05a1Organizational.3-05.a hipaa-0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 0119.05a1Organizational.3-05.a hipaa-0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 0119.05a1Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Employ business case to record the resources required Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
464a7d7a-2358-4869-0b49-6d582ca21292 Ensure capital planning and investment requests include necessary resources Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance hipaa 0120.05a1Organizational.4-05.a hipaa-0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 0120.05a1Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0121.05a2Organizational.12-05.a hipaa-0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 0121.05a2Organizational.12-05.a hipaa-0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 0121.05a2Organizational.12-05.a hipaa-0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance hipaa 0121.05a2Organizational.12-05.a hipaa-0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 0121.05a2Organizational.12-05.a hipaa-0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance hipaa 0121.05a2Organizational.12-05.a hipaa-0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 0121.05a2Organizational.12-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 0122.05a2Organizational.3-05.a hipaa-0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 0122.05a2Organizational.3-05.a hipaa-0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 0122.05a2Organizational.3-05.a hipaa-0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 0122.05a2Organizational.3-05.a hipaa-0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 0122.05a2Organizational.3-05.a hipaa-0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 0122.05a2Organizational.3-05.a hipaa-0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 0122.05a2Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance hipaa 0123.05a2Organizational.4-05.a hipaa-0123.05a2Organizational.4-05.a 0123.05a2Organizational.4-05.a 0123.05a2Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 0123.05a2Organizational.4-05.a hipaa-0123.05a2Organizational.4-05.a 0123.05a2Organizational.4-05.a 0123.05a2Organizational.4-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 0124.05a3Organizational.1-05.a hipaa-0124.05a3Organizational.1-05.a 0124.05a3Organizational.1-05.a 0124.05a3Organizational.1-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 0124.05a3Organizational.1-05.a hipaa-0124.05a3Organizational.1-05.a 0124.05a3Organizational.1-05.a 0124.05a3Organizational.1-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0125.05a3Organizational.2-05.a hipaa-0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 0125.05a3Organizational.2-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance hipaa 0135.02f1Organizational.56-02.f hipaa-0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 0135.02f1Organizational.56-02.f hipaa-0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 0135.02f1Organizational.56-02.f hipaa-0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 0135.02f1Organizational.56-02.f hipaa-0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance hipaa 0137.02a1Organizational.3-02.a hipaa-0137.02a1Organizational.3-02.a 0137.02a1Organizational.3-02.a 0137.02a1Organizational.3-02.a 02.01 Prior to Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance hipaa 0162.04b1Organizational.2-04.b hipaa-0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0162.04b1Organizational.2-04.b hipaa-0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0162.04b1Organizational.2-04.b hipaa-0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0162.04b1Organizational.2-04.b hipaa-0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 0162.04b1Organizational.2-04.b 04.01 Information Security Policy HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance hipaa 0165.05a3Organizational.3-05.a hipaa-0165.05a3Organizational.3-05.a 0165.05a3Organizational.3-05.a 0165.05a3Organizational.3-05.a 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance hipaa 0177.05h1Organizational.12-05.h hipaa-0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance hipaa 0177.05h1Organizational.12-05.h hipaa-0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 0177.05h1Organizational.12-05.h hipaa-0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0177.05h1Organizational.12-05.h hipaa-0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0177.05h1Organizational.12-05.h hipaa-0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 0177.05h1Organizational.12-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0178.05h1Organizational.3-05.h hipaa-0178.05h1Organizational.3-05.h 0178.05h1Organizational.3-05.h 0178.05h1Organizational.3-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0178.05h1Organizational.3-05.h hipaa-0178.05h1Organizational.3-05.h 0178.05h1Organizational.3-05.h 0178.05h1Organizational.3-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0178.05h1Organizational.3-05.h hipaa-0178.05h1Organizational.3-05.h 0178.05h1Organizational.3-05.h 0178.05h1Organizational.3-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance hipaa 0179.05h1Organizational.4-05.h hipaa-0179.05h1Organizational.4-05.h 0179.05h1Organizational.4-05.h 0179.05h1Organizational.4-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0179.05h1Organizational.4-05.h hipaa-0179.05h1Organizational.4-05.h 0179.05h1Organizational.4-05.h 0179.05h1Organizational.4-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d93fe1be-13e4-421d-9c21-3158e2fa2667 Implement plans of action and milestones for security program process Regulatory Compliance hipaa 0179.05h1Organizational.4-05.h hipaa-0179.05h1Organizational.4-05.h 0179.05h1Organizational.4-05.h 0179.05h1Organizational.4-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0180.05h2Organizational.1-05.h hipaa-0180.05h2Organizational.1-05.h 0180.05h2Organizational.1-05.h 0180.05h2Organizational.1-05.h 05.01 Internal Organization HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute hipaa 0201.09j1Organizational.124-09.j hipaa-0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 0201.09j1Organizational.124-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eecf628-a1c8-1b48-1b5c-7ca781e97970 Specify permitted actions associated with customer audit information Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de251b09-4a5e-1204-4bef-62ac58d47999 Adjust level of audit review, analysis, and reporting Regulatory Compliance hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance hipaa 0204.09j2Organizational.1-09.j hipaa-0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 0204.09j2Organizational.1-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0206.09j2Organizational.34-09.j hipaa-0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0206.09j2Organizational.34-09.j hipaa-0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0206.09j2Organizational.34-09.j hipaa-0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0206.09j2Organizational.34-09.j hipaa-0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0206.09j2Organizational.34-09.j hipaa-0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0206.09j2Organizational.34-09.j hipaa-0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 0206.09j2Organizational.34-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0207.09j2Organizational.56-09.j hipaa-0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 0207.09j2Organizational.56-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance hipaa 0208.09j2Organizational.7-09.j hipaa-0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance hipaa 0208.09j2Organizational.7-09.j hipaa-0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance hipaa 0208.09j2Organizational.7-09.j hipaa-0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 0208.09j2Organizational.7-09.j hipaa-0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 0208.09j2Organizational.7-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing Regulatory Compliance hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions Regulatory Compliance hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 0214.09j1Organizational.6-09.j hipaa-0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 0214.09j1Organizational.6-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0215.09j2Organizational.8-09.j hipaa-0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 0215.09j2Organizational.8-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 0216.09j2Organizational.9-09.j hipaa-0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 0216.09j2Organizational.9-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0217.09j2Organizational.10-09.j hipaa-0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 0217.09j2Organizational.10-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0219.09j2Organizational.12-09.j hipaa-0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 0219.09j2Organizational.12-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance hipaa 0225.09k1Organizational.1-09.k hipaa-0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 0225.09k1Organizational.1-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0226.09k1Organizational.2-09.k hipaa-0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 0226.09k1Organizational.2-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0227.09k2Organizational.12-09.k hipaa-0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 0227.09k2Organizational.12-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance hipaa 0228.09k2Organizational.3-09.k hipaa-0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 0228.09k2Organizational.3-09.k 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 0301.09o1Organizational.123-09.o hipaa-0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 0301.09o1Organizational.123-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0302.09o2Organizational.1-09.o hipaa-0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0302.09o2Organizational.1-09.o hipaa-0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0302.09o2Organizational.1-09.o hipaa-0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0302.09o2Organizational.1-09.o hipaa-0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0302.09o2Organizational.1-09.o hipaa-0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0302.09o2Organizational.1-09.o hipaa-0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 0302.09o2Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0303.09o2Organizational.2-09.o hipaa-0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0303.09o2Organizational.2-09.o hipaa-0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0303.09o2Organizational.2-09.o hipaa-0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0303.09o2Organizational.2-09.o hipaa-0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0303.09o2Organizational.2-09.o hipaa-0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0303.09o2Organizational.2-09.o hipaa-0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 0303.09o2Organizational.2-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a7ff3161-0087-490a-9ad9-ad6217f4f43a Require encryption on Data Lake Store accounts Data Lake hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL hipaa 0304.09o3Organizational.1-09.o hipaa-0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 0304.09o3Organizational.1-09.o 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0305.09q1Organizational.12-09.q hipaa-0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 0305.09q1Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing Regulatory Compliance hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions Regulatory Compliance hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 0307.09q2Organizational.12-09.q hipaa-0307.09q2Organizational.12-09.q 0307.09q2Organizational.12-09.q 0307.09q2Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0307.09q2Organizational.12-09.q hipaa-0307.09q2Organizational.12-09.q 0307.09q2Organizational.12-09.q 0307.09q2Organizational.12-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0308.09q3Organizational.1-09.q hipaa-0308.09q3Organizational.1-09.q 0308.09q3Organizational.1-09.q 0308.09q3Organizational.1-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0308.09q3Organizational.1-09.q hipaa-0308.09q3Organizational.1-09.q 0308.09q3Organizational.1-09.q 0308.09q3Organizational.1-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0308.09q3Organizational.1-09.q hipaa-0308.09q3Organizational.1-09.q 0308.09q3Organizational.1-09.q 0308.09q3Organizational.1-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0314.09q3Organizational.2-09.q hipaa-0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 0314.09q3Organizational.2-09.q 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0401.01x1System.124579-01.x hipaa-0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 0401.01x1System.124579-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0403.01x1System.8-01.x hipaa-0403.01x1System.8-01.x 0403.01x1System.8-01.x 0403.01x1System.8-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0405.01y1Organizational.12345678-01.y hipaa-0405.01y1Organizational.12345678-01.y 0405.01y1Organizational.12345678-01.y 0405.01y1Organizational.12345678-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0407.01y2Organizational.1-01.y hipaa-0407.01y2Organizational.1-01.y 0407.01y2Organizational.1-01.y 0407.01y2Organizational.1-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 0407.01y2Organizational.1-01.y hipaa-0407.01y2Organizational.1-01.y 0407.01y2Organizational.1-01.y 0407.01y2Organizational.1-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 0408.01y3Organizational.12-01.y hipaa-0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 0408.01y3Organizational.12-01.y hipaa-0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0408.01y3Organizational.12-01.y hipaa-0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0408.01y3Organizational.12-01.y hipaa-0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 0408.01y3Organizational.12-01.y hipaa-0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 0408.01y3Organizational.12-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0409.01y3Organizational.3-01.y hipaa-0409.01y3Organizational.3-01.y 0409.01y3Organizational.3-01.y 0409.01y3Organizational.3-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0410.01x1System.12-01.xMobileComputingandCommunications hipaa-0410.01x1System.12-01.xMobileComputingandCommunications 0410.01x1System.12-01.xMobileComputingandCommunications 0410.01x1System.12-01.xMobileComputingandCommunications 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0410.01x1System.12-01.xMobileComputingandCommunications hipaa-0410.01x1System.12-01.xMobileComputingandCommunications 0410.01x1System.12-01.xMobileComputingandCommunications 0410.01x1System.12-01.xMobileComputingandCommunications 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 0415.01y1Organizational.10-01.y hipaa-0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 0415.01y1Organizational.10-01.y hipaa-0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0415.01y1Organizational.10-01.y hipaa-0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0415.01y1Organizational.10-01.y hipaa-0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0415.01y1Organizational.10-01.y hipaa-0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 0415.01y1Organizational.10-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 0416.01y3Organizational.4-01.y hipaa-0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 0416.01y3Organizational.4-01.y hipaa-0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0416.01y3Organizational.4-01.y hipaa-0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0416.01y3Organizational.4-01.y hipaa-0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 0416.01y3Organizational.4-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0417.01y3Organizational.5-01.y hipaa-0417.01y3Organizational.5-01.y 0417.01y3Organizational.5-01.y 0417.01y3Organizational.5-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0425.01x1System.13-01.x hipaa-0425.01x1System.13-01.x 0425.01x1System.13-01.x 0425.01x1System.13-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0426.01x2System.1-01.x hipaa-0426.01x2System.1-01.x 0426.01x2System.1-01.x 0426.01x2System.1-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0427.01x2System.2-01.x hipaa-0427.01x2System.2-01.x 0427.01x2System.2-01.x 0427.01x2System.2-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0427.01x2System.2-01.x hipaa-0427.01x2System.2-01.x 0427.01x2System.2-01.x 0427.01x2System.2-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance hipaa 0427.01x2System.2-01.x hipaa-0427.01x2System.2-01.x 0427.01x2System.2-01.x 0427.01x2System.2-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance hipaa 0427.01x2System.2-01.x hipaa-0427.01x2System.2-01.x 0427.01x2System.2-01.x 0427.01x2System.2-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0428.01x2System.3-01.x hipaa-0428.01x2System.3-01.x 0428.01x2System.3-01.x 0428.01x2System.3-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0428.01x2System.3-01.x hipaa-0428.01x2System.3-01.x 0428.01x2System.3-01.x 0428.01x2System.3-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance hipaa 0428.01x2System.3-01.x hipaa-0428.01x2System.3-01.x 0428.01x2System.3-01.x 0428.01x2System.3-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance hipaa 0428.01x2System.3-01.x hipaa-0428.01x2System.3-01.x 0428.01x2System.3-01.x 0428.01x2System.3-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0429.01x1System.14-01.x hipaa-0429.01x1System.14-01.x 0429.01x1System.14-01.x 0429.01x1System.14-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0504.09m2Organizational.5-09.m hipaa-0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance hipaa 0504.09m2Organizational.5-09.m hipaa-0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 0504.09m2Organizational.5-09.m hipaa-0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance hipaa 0504.09m2Organizational.5-09.m hipaa-0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 0504.09m2Organizational.5-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 0505.09m2Organizational.3-09.m hipaa-0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 0505.09m2Organizational.3-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance hipaa 0601.06g1Organizational.124-06.g hipaa-0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0601.06g1Organizational.124-06.g hipaa-0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0601.06g1Organizational.124-06.g hipaa-0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0601.06g1Organizational.124-06.g hipaa-0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0601.06g1Organizational.124-06.g hipaa-0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance hipaa 0601.06g1Organizational.124-06.g hipaa-0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 0601.06g1Organizational.124-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0602.06g1Organizational.3-06.g hipaa-0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 0602.06g1Organizational.3-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0603.06g2Organizational.1-06.g hipaa-0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0603.06g2Organizational.1-06.g hipaa-0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance hipaa 0603.06g2Organizational.1-06.g hipaa-0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0603.06g2Organizational.1-06.g hipaa-0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0603.06g2Organizational.1-06.g hipaa-0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0603.06g2Organizational.1-06.g hipaa-0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 0603.06g2Organizational.1-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6a379d74-903b-244a-4c44-838728bea6b0 Analyse data obtained from continuous monitoring Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance hipaa 0605.10h1System.12-10.h hipaa-0605.10h1System.12-10.h 0605.10h1System.12-10.h 0605.10h1System.12-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center hipaa 0605.10h1System.12-10.h hipaa-0605.10h1System.12-10.h 0605.10h1System.12-10.h 0605.10h1System.12-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration hipaa 0605.10h1System.12-10.h hipaa-0605.10h1System.12-10.h 0605.10h1System.12-10.h 0605.10h1System.12-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance hipaa 0605.10h1System.12-10.h hipaa-0605.10h1System.12-10.h 0605.10h1System.12-10.h 0605.10h1System.12-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0605.10h1System.12-10.h hipaa-0605.10h1System.12-10.h 0605.10h1System.12-10.h 0605.10h1System.12-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration hipaa 0605.10h1System.12-10.h hipaa-0605.10h1System.12-10.h 0605.10h1System.12-10.h 0605.10h1System.12-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center hipaa 0606.10h2System.1-10.h hipaa-0606.10h2System.1-10.h 0606.10h2System.1 - 10.h Applications and operating systems are successfully tested for usability, security and impact prior to production. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center hipaa 0607.10h2System.23-10.h hipaa-0607.10h2System.23-10.h 0607.10h2System.23 - 10.h The organization uses its configuration control program to maintain control of all implemented software and its system documentation and archive prior versions of implemented software and associated system documentation. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center hipaa 0607.10h2System.23-10.h hipaa-0607.10h2System.23-10.h 0607.10h2System.23 - 10.h The organization uses its configuration control program to maintain control of all implemented software and its system documentation and archive prior versions of implemented software and associated system documentation. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0613.06h1Organizational.12-06.h hipaa-0613.06h1Organizational.12-06.h 0613.06h1Organizational.12-06.h 0613.06h1Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance hipaa 0613.06h1Organizational.12-06.h hipaa-0613.06h1Organizational.12-06.h 0613.06h1Organizational.12-06.h 0613.06h1Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0614.06h2Organizational.12-06.h hipaa-0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0614.06h2Organizational.12-06.h hipaa-0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0614.06h2Organizational.12-06.h hipaa-0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0614.06h2Organizational.12-06.h hipaa-0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance hipaa 0614.06h2Organizational.12-06.h hipaa-0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0614.06h2Organizational.12-06.h hipaa-0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 0614.06h2Organizational.12-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0615.06h2Organizational.3-06.h hipaa-0615.06h2Organizational.3-06.h 0615.06h2Organizational.3-06.h 0615.06h2Organizational.3-06.h 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0618.09b1System.1-09.b hipaa-0618.09b1System.1-09.b 0618.09b1System.1-09.b 0618.09b1System.1-09.b 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0626.10h1System.3-10.h hipaa-0626.10h1System.3-10.h 0626.10h1System.3-10.h 0626.10h1System.3-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 0626.10h1System.3-10.h hipaa-0626.10h1System.3-10.h 0626.10h1System.3-10.h 0626.10h1System.3-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0626.10h1System.3-10.h hipaa-0626.10h1System.3-10.h 0626.10h1System.3-10.h 0626.10h1System.3-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0627.10h1System.45-10.h hipaa-0627.10h1System.45-10.h 0627.10h1System.45-10.h 0627.10h1System.45-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0628.10h1System.6-10.h hipaa-0628.10h1System.6-10.h 0628.10h1System.6-10.h 0628.10h1System.6-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0628.10h1System.6-10.h hipaa-0628.10h1System.6-10.h 0628.10h1System.6-10.h 0628.10h1System.6-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance hipaa 0628.10h1System.6-10.h hipaa-0628.10h1System.6-10.h 0628.10h1System.6-10.h 0628.10h1System.6-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 0628.10h1System.6-10.h hipaa-0628.10h1System.6-10.h 0628.10h1System.6-10.h 0628.10h1System.6-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service hipaa 0662.09sCSPOrganizational.2-09.s hipaa-0662.09sCSPOrganizational.2-09.s 0662.09sCSPOrganizational.2-09.s 0662.09sCSPOrganizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance hipaa 0662.09sCSPOrganizational.2-09.s hipaa-0662.09sCSPOrganizational.2-09.s 0662.09sCSPOrganizational.2-09.s 0662.09sCSPOrganizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 0662.09sCSPOrganizational.2-09.s hipaa-0662.09sCSPOrganizational.2-09.s 0662.09sCSPOrganizational.2-09.s 0662.09sCSPOrganizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0663.10h1System.7-10.h hipaa-0663.10h1System.7-10.h 0663.10h1System.7-10.h 0663.10h1System.7-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0669.10hCSPSystem.1-10.h hipaa-0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 0669.10hCSPSystem.1-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 0670.10hCSPSystem.2-10.h hipaa-0670.10hCSPSystem.2-10.h 0670.10hCSPSystem.2-10.h 0670.10hCSPSystem.2-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 0670.10hCSPSystem.2-10.h hipaa-0670.10hCSPSystem.2-10.h 0670.10hCSPSystem.2-10.h 0670.10hCSPSystem.2-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 0670.10hCSPSystem.2-10.h hipaa-0670.10hCSPSystem.2-10.h 0670.10hCSPSystem.2-10.h 0670.10hCSPSystem.2-10.h 10.04 Security of System Files HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 0671.10k1System.1-10.k hipaa-0671.10k1System.1-10.k 0671.10k1System.1-10.k 0671.10k1System.1-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e920169-739d-40b5-3f99-c4d855327bb2 Prohibit binary/machine-executable code Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0672.10k3System.5-10.k hipaa-0672.10k3System.5-10.k 0672.10k3System.5-10.k 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 068.06g2Organizational.34-06.g hipaa-068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 068.06g2Organizational.34-06.g hipaa-068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 068.06g2Organizational.34-06.g hipaa-068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring Regulatory Compliance hipaa 068.06g2Organizational.34-06.g hipaa-068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 068.06g2Organizational.34-06.g hipaa-068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 068.06g2Organizational.34-06.g hipaa-068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 068.06g2Organizational.34-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 0701.07a1Organizational.12-07.a hipaa-0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 0701.07a1Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance hipaa 0702.07a1Organizational.3-07.a hipaa-0702.07a1Organizational.3-07.a 0702.07a1Organizational.3-07.a 0702.07a1Organizational.3-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 0702.07a1Organizational.3-07.a hipaa-0702.07a1Organizational.3-07.a 0702.07a1Organizational.3-07.a 0702.07a1Organizational.3-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 0703.07a2Organizational.1-07.a hipaa-0703.07a2Organizational.1-07.a 0703.07a2Organizational.1-07.a 0703.07a2Organizational.1-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 0703.07a2Organizational.1-07.a hipaa-0703.07a2Organizational.1-07.a 0703.07a2Organizational.1-07.a 0703.07a2Organizational.1-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 0703.07a2Organizational.1-07.a hipaa-0703.07a2Organizational.1-07.a 0703.07a2Organizational.1-07.a 0703.07a2Organizational.1-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 0704.07a3Organizational.12-07.a hipaa-0704.07a3Organizational.12-07.a 0704.07a3Organizational.12-07.a 0704.07a3Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 0704.07a3Organizational.12-07.a hipaa-0704.07a3Organizational.12-07.a 0704.07a3Organizational.12-07.a 0704.07a3Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 0704.07a3Organizational.12-07.a hipaa-0704.07a3Organizational.12-07.a 0704.07a3Organizational.12-07.a 0704.07a3Organizational.12-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 0705.07a3Organizational.3-07.a hipaa-0705.07a3Organizational.3-07.a 0705.07a3Organizational.3-07.a 0705.07a3Organizational.3-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 0705.07a3Organizational.3-07.a hipaa-0705.07a3Organizational.3-07.a 0705.07a3Organizational.3-07.a 0705.07a3Organizational.3-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 0705.07a3Organizational.3-07.a hipaa-0705.07a3Organizational.3-07.a 0705.07a3Organizational.3-07.a 0705.07a3Organizational.3-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 0706.10b1System.12-10.b hipaa-0706.10b1System.12-10.b 0706.10b1System.12-10.b 0706.10b1System.12-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance hipaa 0706.10b1System.12-10.b hipaa-0706.10b1System.12-10.b 0706.10b1System.12-10.b 0706.10b1System.12-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 0706.10b1System.12-10.b hipaa-0706.10b1System.12-10.b 0706.10b1System.12-10.b 0706.10b1System.12-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 0706.10b1System.12-10.b hipaa-0706.10b1System.12-10.b 0706.10b1System.12-10.b 0706.10b1System.12-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0708.10b2System.2-10.b hipaa-0708.10b2System.2-10.b 0708.10b2System.2-10.b 0708.10b2System.2-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0708.10b2System.2-10.b hipaa-0708.10b2System.2-10.b 0708.10b2System.2-10.b 0708.10b2System.2-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance hipaa 0708.10b2System.2-10.b hipaa-0708.10b2System.2-10.b 0708.10b2System.2-10.b 0708.10b2System.2-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0709.10m1Organizational.1-10.m hipaa-0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 0709.10m1Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0710.10m2Organizational.1-10.m hipaa-0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 0710.10m2Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0711.10m2Organizational.23-10.m hipaa-0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0711.10m2Organizational.23-10.m hipaa-0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center hipaa 0711.10m2Organizational.23-10.m hipaa-0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0711.10m2Organizational.23-10.m hipaa-0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 0711.10m2Organizational.23-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance hipaa 0712.10m2Organizational.4-10.m hipaa-0712.10m2Organizational.4-10.m 0712.10m2Organizational.4-10.m 0712.10m2Organizational.4-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance hipaa 0712.10m2Organizational.4-10.m hipaa-0712.10m2Organizational.4-10.m 0712.10m2Organizational.4-10.m 0712.10m2Organizational.4-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance hipaa 0713.10m2Organizational.5-10.m hipaa-0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance hipaa 0713.10m2Organizational.5-10.m hipaa-0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center hipaa 0713.10m2Organizational.5-10.m hipaa-0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation Regulatory Compliance hipaa 0713.10m2Organizational.5-10.m hipaa-0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation Regulatory Compliance hipaa 0713.10m2Organizational.5-10.m hipaa-0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 0713.10m2Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance hipaa 0714.10m2Organizational.7-10.m hipaa-0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 0714.10m2Organizational.7-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center hipaa 0715.10m2Organizational.8-10.m hipaa-0715.10m2Organizational.8-10.m 0715.10m2Organizational.8-10.m 0715.10m2Organizational.8-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0716.10m3Organizational.1-10.m hipaa-0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0716.10m3Organizational.1-10.m hipaa-0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0716.10m3Organizational.1-10.m hipaa-0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0716.10m3Organizational.1-10.m hipaa-0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center hipaa 0716.10m3Organizational.1-10.m hipaa-0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 0716.10m3Organizational.1-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0717.10m3Organizational.2-10.m hipaa-0717.10m3Organizational.2-10.m 0717.10m3Organizational.2-10.m 0717.10m3Organizational.2-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0717.10m3Organizational.2-10.m hipaa-0717.10m3Organizational.2-10.m 0717.10m3Organizational.2-10.m 0717.10m3Organizational.2-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center hipaa 0717.10m3Organizational.2-10.m hipaa-0717.10m3Organizational.2-10.m 0717.10m3Organizational.2-10.m 0717.10m3Organizational.2-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0718.10m3Organizational.34-10.m hipaa-0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance hipaa 0718.10m3Organizational.34-10.m hipaa-0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center hipaa 0718.10m3Organizational.34-10.m hipaa-0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0718.10m3Organizational.34-10.m hipaa-0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 0718.10m3Organizational.34-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0719.10m3Organizational.5-10.m hipaa-0719.10m3Organizational.5-10.m 0719.10m3Organizational.5-10.m 0719.10m3Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0719.10m3Organizational.5-10.m hipaa-0719.10m3Organizational.5-10.m 0719.10m3Organizational.5-10.m 0719.10m3Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL hipaa 0719.10m3Organizational.5-10.m hipaa-0719.10m3Organizational.5-10.m 0719.10m3Organizational.5-10.m 0719.10m3Organizational.5-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 0720.07a1Organizational.4-07.a hipaa-0720.07a1Organizational.4-07.a 0720.07a1Organizational.4-07.a 0720.07a1Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 0720.07a1Organizational.4-07.a hipaa-0720.07a1Organizational.4-07.a 0720.07a1Organizational.4-07.a 0720.07a1Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance hipaa 0722.07a1Organizational.67-07.a hipaa-0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance hipaa 0722.07a1Organizational.67-07.a hipaa-0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance hipaa 0722.07a1Organizational.67-07.a hipaa-0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance hipaa 0723.07a1Organizational.8-07.a hipaa-0723.07a1Organizational.8-07.a 0723.07a1Organizational.8-07.a 0723.07a1Organizational.8-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0724.07a3Organizational.4-07.a hipaa-0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 0724.07a3Organizational.4-07.a hipaa-0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0724.07a3Organizational.4-07.a hipaa-0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance hipaa 0724.07a3Organizational.4-07.a hipaa-0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0724.07a3Organizational.4-07.a hipaa-0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0724.07a3Organizational.4-07.a hipaa-0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 0725.07a3Organizational.5-07.a hipaa-0725.07a3Organizational.5-07.a 0725.07a3Organizational.5-07.a 0725.07a3Organizational.5-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 0725.07a3Organizational.5-07.a hipaa-0725.07a3Organizational.5-07.a 0725.07a3Organizational.5-07.a 0725.07a3Organizational.5-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 0725.07a3Organizational.5-07.a hipaa-0725.07a3Organizational.5-07.a 0725.07a3Organizational.5-07.a 0725.07a3Organizational.5-07.a 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance hipaa 0733.10b2System.4-10.b hipaa-0733.10b2System.4-10.b 0733.10b2System.4-10.b 0733.10b2System.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0733.10b2System.4-10.b hipaa-0733.10b2System.4-10.b 0733.10b2System.4-10.b 0733.10b2System.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance hipaa 0786.10m2Organizational.13-10.m hipaa-0786.10m2Organizational.13-10.m 0786.10m2Organizational.13-10.m 0786.10m2Organizational.13-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance hipaa 0787.10m2Organizational.14-10.m hipaa-0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance hipaa 0787.10m2Organizational.14-10.m hipaa-0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation Regulatory Compliance hipaa 0787.10m2Organizational.14-10.m hipaa-0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation Regulatory Compliance hipaa 0787.10m2Organizational.14-10.m hipaa-0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 0787.10m2Organizational.14-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance hipaa 0788.10m3Organizational.20-10.m hipaa-0788.10m3Organizational.20-10.m 0788.10m3Organizational.20-10.m 0788.10m3Organizational.20-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 0790.10m3Organizational.22-10.m hipaa-0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 0790.10m3Organizational.22-10.m 10.06 Technical Vulnerability Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 0791.10b2Organizational.4-10.b hipaa-0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 0791.10b2Organizational.4-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0805.01m1Organizational.12-01.m hipaa-0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 0805.01m1Organizational.12-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network hipaa 0806.01m2Organizational.12356-01.m hipaa-0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 0806.01m2Organizational.12356-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0808.10b2System.3-10.b hipaa-0808.10b2System.3-10.b 0808.10b2System.3-10.b 0808.10b2System.3-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance hipaa 0808.10b2System.3-10.b hipaa-0808.10b2System.3-10.b 0808.10b2System.3-10.b 0808.10b2System.3-10.b 10.02 Correct Processing in Applications HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 0809.01n2Organizational.1234-01.n hipaa-0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 0809.01n2Organizational.1234-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center hipaa 0810.01n2Organizational.5-01.n hipaa-0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 0810.01n2Organizational.5-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 08101.09m2Organizational.14-09.m hipaa-08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 08101.09m2Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 08102.09nCSPOrganizational.1-09.n hipaa-08102.09nCSPOrganizational.1-09.n 08102.09nCSPOrganizational.1-09.n 08102.09nCSPOrganizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 08102.09nCSPOrganizational.1-09.n hipaa-08102.09nCSPOrganizational.1-09.n 08102.09nCSPOrganizational.1-09.n 08102.09nCSPOrganizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dbcef108-7a04-38f5-8609-99da110a2a57 Determine information protection needs Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service hipaa 0811.01n2Organizational.6-01.n hipaa-0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 0811.01n2Organizational.6-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 0812.01n2Organizational.8-01.n hipaa-0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 0812.01n2Organizational.8-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 0814.01n1Organizational.12-01.n hipaa-0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 0814.01n1Organizational.12-01.n 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0815.01o2Organizational.123-01.o hipaa-0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance hipaa 0815.01o2Organizational.123-01.o hipaa-0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0815.01o2Organizational.123-01.o hipaa-0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0815.01o2Organizational.123-01.o hipaa-0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 0815.01o2Organizational.123-01.o 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance hipaa 0816.01w1System.1-01.w hipaa-0816.01w1System.1-01.w 0816.01w1System.1-01.w 0816.01w1System.1-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance hipaa 0816.01w1System.1-01.w hipaa-0816.01w1System.1-01.w 0816.01w1System.1-01.w 0816.01w1System.1-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance hipaa 0816.01w1System.1-01.w hipaa-0816.01w1System.1-01.w 0816.01w1System.1-01.w 0816.01w1System.1-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance hipaa 0816.01w1System.1-01.w hipaa-0816.01w1System.1-01.w 0816.01w1System.1-01.w 0816.01w1System.1-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance hipaa 0816.01w1System.1-01.w hipaa-0816.01w1System.1-01.w 0816.01w1System.1-01.w 0816.01w1System.1-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 0816.01w1System.1-01.w hipaa-0816.01w1System.1-01.w 0816.01w1System.1-01.w 0816.01w1System.1-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83eea3d3-0d2c-9ccd-1021-2111b29b2a62 Ensure system capable of dynamic isolation of resources Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 0817.01w2System.123-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance hipaa 0818.01w3System.12-01.w hipaa-0818.01w3System.12-01.w 0818.01w3System.12-01.w 0818.01w3System.12-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance hipaa 0818.01w3System.12-01.w hipaa-0818.01w3System.12-01.w 0818.01w3System.12-01.w 0818.01w3System.12-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes Regulatory Compliance hipaa 0818.01w3System.12-01.w hipaa-0818.01w3System.12-01.w 0818.01w3System.12-01.w 0818.01w3System.12-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity Regulatory Compliance hipaa 0818.01w3System.12-01.w hipaa-0818.01w3System.12-01.w 0818.01w3System.12-01.w 0818.01w3System.12-01.w 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance hipaa 0819.09m1Organizational.23-09.m hipaa-0819.09m1Organizational.23-09.m 0819.09m1Organizational.23-09.m 0819.09m1Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0819.09m1Organizational.23-09.m hipaa-0819.09m1Organizational.23-09.m 0819.09m1Organizational.23-09.m 0819.09m1Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0821.09m2Organizational.2-09.m hipaa-0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 0821.09m2Organizational.2-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 0822.09m2Organizational.4-09.m hipaa-0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 0822.09m2Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0825.09m3Organizational.23-09.m hipaa-0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 0825.09m3Organizational.23-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0826.09m3Organizational.45-09.m hipaa-0826.09m3Organizational.45-09.m 0826.09m3Organizational.45-09.m 0826.09m3Organizational.45-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0826.09m3Organizational.45-09.m hipaa-0826.09m3Organizational.45-09.m 0826.09m3Organizational.45-09.m 0826.09m3Organizational.45-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0826.09m3Organizational.45-09.m hipaa-0826.09m3Organizational.45-09.m 0826.09m3Organizational.45-09.m 0826.09m3Organizational.45-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance hipaa 0828.09m3Organizational.8-09.m hipaa-0828.09m3Organizational.8-09.m 0828.09m3Organizational.8-09.m 0828.09m3Organizational.8-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0829.09m3Organizational.911-09.m hipaa-0829.09m3Organizational.911-09.m 0829.09m3Organizational.911-09.m 0829.09m3Organizational.911-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0829.09m3Organizational.911-09.m hipaa-0829.09m3Organizational.911-09.m 0829.09m3Organizational.911-09.m 0829.09m3Organizational.911-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 0830.09m3Organizational.1012-09.m hipaa-0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 0830.09m3Organizational.1012-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance hipaa 0832.09m3Organizational.14-09.m hipaa-0832.09m3Organizational.14-09.m 0832.09m3Organizational.14-09.m 0832.09m3Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0832.09m3Organizational.14-09.m hipaa-0832.09m3Organizational.14-09.m 0832.09m3Organizational.14-09.m 0832.09m3Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance hipaa 0832.09m3Organizational.14-09.m hipaa-0832.09m3Organizational.14-09.m 0832.09m3Organizational.14-09.m 0832.09m3Organizational.14-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring hipaa 0836.09.n2Organizational.1-09.n hipaa-0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance hipaa 0836.09.n2Organizational.1-09.n hipaa-0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0836.09.n2Organizational.1-09.n hipaa-0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance hipaa 0836.09.n2Organizational.1-09.n hipaa-0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 0836.09.n2Organizational.1-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 0837.09.n2Organizational.2-09.n hipaa-0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 0837.09.n2Organizational.2-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance hipaa 0850.01o1Organizational.12-01.o hipaa-0850.01o1Organizational.12-01.o 0850.01o1Organizational.12-01.o 0850.01o1Organizational.12-01.o 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 0858.09m1Organizational.4-09.m hipaa-0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 0858.09m1Organizational.4-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0859.09m1Organizational.78-09.m hipaa-0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 0859.09m1Organizational.78-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0860.09m1Organizational.9-09.m hipaa-0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance hipaa 0860.09m1Organizational.9-09.m hipaa-0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 0860.09m1Organizational.9-09.m hipaa-0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c9c29499-c1d1-4195-99bd-2ec9e3a9dc89 Deploy Diagnostic Settings for Network Security Groups Monitoring hipaa 0860.09m1Organizational.9-09.m hipaa-0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0860.09m1Organizational.9-09.m hipaa-0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 0860.09m1Organizational.9-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration hipaa 0861.09m2Organizational.67-09.m hipaa-0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 0861.09m2Organizational.67-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0862.09m2Organizational.8-09.m hipaa-0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0862.09m2Organizational.8-09.m hipaa-0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0862.09m2Organizational.8-09.m hipaa-0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network hipaa 0862.09m2Organizational.8-09.m hipaa-0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 0862.09m2Organizational.8-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 0863.09m2Organizational.910-09.m hipaa-0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 0863.09m2Organizational.910-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network hipaa 0864.09m2Organizational.12-09.m hipaa-0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0864.09m2Organizational.12-09.m hipaa-0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0864.09m2Organizational.12-09.m hipaa-0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
68a39c2b-0f17-69ee-37a3-aa10f9853a08 Establish voip usage restrictions Regulatory Compliance hipaa 0864.09m2Organizational.12-09.m hipaa-0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 0864.09m2Organizational.12-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance hipaa 0865.09m2Organizational.13-09.m hipaa-0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network hipaa 0865.09m2Organizational.13-09.m hipaa-0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0865.09m2Organizational.13-09.m hipaa-0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections Regulatory Compliance hipaa 0865.09m2Organizational.13-09.m hipaa-0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance hipaa 0865.09m2Organizational.13-09.m hipaa-0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 0865.09m2Organizational.13-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 0866.09m3Organizational.1516-09.m hipaa-0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 0866.09m3Organizational.1516-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network hipaa 0867.09m3Organizational.17-09.m hipaa-0867.09m3Organizational.17-09.m 0867.09m3Organizational.17 - 09.m Wireless access points are placed in secure areas and shut down when not in use (e.g. nights, weekends). HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0868.09m3Organizational.18-09.m hipaa-0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0868.09m3Organizational.18-09.m hipaa-0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0868.09m3Organizational.18-09.m hipaa-0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 0868.09m3Organizational.18-09.m hipaa-0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0868.09m3Organizational.18-09.m hipaa-0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 0868.09m3Organizational.18-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance hipaa 0869.09m3Organizational.19-09.m hipaa-0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 0869.09m3Organizational.19-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0870.09m3Organizational.20-09.m hipaa-0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 0870.09m3Organizational.20-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 0871.09m3Organizational.22-09.m hipaa-0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0871.09m3Organizational.22-09.m hipaa-0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance hipaa 0871.09m3Organizational.22-09.m hipaa-0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance hipaa 0871.09m3Organizational.22-09.m hipaa-0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 0871.09m3Organizational.22-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring hipaa 0885.09n2Organizational.3-09.n hipaa-0885.09n2Organizational.3-09.n 0885.09n2Organizational.3-09.n 0885.09n2Organizational.3-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance hipaa 0885.09n2Organizational.3-09.n hipaa-0885.09n2Organizational.3-09.n 0885.09n2Organizational.3-09.n 0885.09n2Organizational.3-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 0885.09n2Organizational.3-09.n hipaa-0885.09n2Organizational.3-09.n 0885.09n2Organizational.3-09.n 0885.09n2Organizational.3-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections Regulatory Compliance hipaa 0886.09n2Organizational.4-09.n hipaa-0886.09n2Organizational.4-09.n 0886.09n2Organizational.4-09.n 0886.09n2Organizational.4-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network hipaa 0886.09n2Organizational.4-09.n hipaa-0886.09n2Organizational.4-09.n 0886.09n2Organizational.4-09.n 0886.09n2Organizational.4-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring hipaa 0887.09n2Organizational.5-09.n hipaa-0887.09n2Organizational.5-09.n 0887.09n2Organizational.5-09.n 0887.09n2Organizational.5-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0887.09n2Organizational.5-09.n hipaa-0887.09n2Organizational.5-09.n 0887.09n2Organizational.5-09.n 0887.09n2Organizational.5-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance hipaa 0887.09n2Organizational.5-09.n hipaa-0887.09n2Organizational.5-09.n 0887.09n2Organizational.5-09.n 0887.09n2Organizational.5-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 0888.09n2Organizational.6-09.n hipaa-0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 0888.09n2Organizational.6-09.n 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center hipaa 0894.01m2Organizational.7-01.m hipaa-0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 0894.01m2Organizational.7-01.m 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance hipaa 0901.09s1Organizational.1-09.s hipaa-0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 0901.09s1Organizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4edaca8c-0912-1ac5-9eaa-6a1057740fae Provide capability to disconnect or disable remote access Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance hipaa 0902.09s2Organizational.13-09.s hipaa-0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 0902.09s2Organizational.13-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0903.10f1Organizational.1-10.f hipaa-0903.10f1Organizational.1-10.f 0903.10f1Organizational.1-10.f 0903.10f1Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0903.10f1Organizational.1-10.f hipaa-0903.10f1Organizational.1-10.f 0903.10f1Organizational.1-10.f 0903.10f1Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0903.10f1Organizational.1-10.f hipaa-0903.10f1Organizational.1-10.f 0903.10f1Organizational.1-10.f 0903.10f1Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 0904.10f2Organizational.1-10.f hipaa-0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 0904.10f2Organizational.1-10.f 10.03 Cryptographic Controls HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 0912.09s1Organizational.4-09.s hipaa-0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 0912.09s1Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0913.09s1Organizational.5-09.s hipaa-0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service hipaa 0913.09s1Organizational.5-09.s hipaa-0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance hipaa 0913.09s1Organizational.5-09.s hipaa-0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0913.09s1Organizational.5-09.s hipaa-0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0913.09s1Organizational.5-09.s hipaa-0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 0913.09s1Organizational.5-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 0914.09s1Organizational.6-09.s hipaa-0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 0914.09s1Organizational.6-09.s hipaa-0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 0914.09s1Organizational.6-09.s hipaa-0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 0914.09s1Organizational.6-09.s hipaa-0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 0914.09s1Organizational.6-09.s hipaa-0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance hipaa 0914.09s1Organizational.6-09.s hipaa-0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 0914.09s1Organizational.6-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service hipaa 0915.09s2Organizational.2-09.s hipaa-0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance hipaa 0915.09s2Organizational.2-09.s hipaa-0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance hipaa 0915.09s2Organizational.2-09.s hipaa-0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0915.09s2Organizational.2-09.s hipaa-0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 0915.09s2Organizational.2-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 0916.09s2Organizational.4-09.s hipaa-0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 0916.09s2Organizational.4-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0926.09v1Organizational.2-09.v hipaa-0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0926.09v1Organizational.2-09.v hipaa-0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance hipaa 0926.09v1Organizational.2-09.v hipaa-0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance hipaa 0926.09v1Organizational.2-09.v hipaa-0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance hipaa 0926.09v1Organizational.2-09.v hipaa-0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 0926.09v1Organizational.2-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 0927.09v1Organizational.3-09.v hipaa-0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 0927.09v1Organizational.3-09.v hipaa-0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 0927.09v1Organizational.3-09.v hipaa-0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 0927.09v1Organizational.3-09.v hipaa-0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 0927.09v1Organizational.3-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0928.09v1Organizational.45-09.v hipaa-0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 0928.09v1Organizational.45-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 0929.09v1Organizational.6-09.v hipaa-0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 0929.09v1Organizational.6-09.v 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 0943.09y1Organizational.1-09.y hipaa-0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0943.09y1Organizational.1-09.y hipaa-0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0943.09y1Organizational.1-09.y hipaa-0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
18e7906d-4197-20fa-2f14-aaac21864e71 Document process to ensure integrity of PII Regulatory Compliance hipaa 0943.09y1Organizational.1-09.y hipaa-0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 0943.09y1Organizational.1-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 0944.09y1Organizational.2-09.y hipaa-0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 0944.09y1Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 0945.09y1Organizational.3-09.y hipaa-0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 0945.09y1Organizational.3-09.y hipaa-0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0945.09y1Organizational.3-09.y hipaa-0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance hipaa 0945.09y1Organizational.3-09.y hipaa-0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance hipaa 0945.09y1Organizational.3-09.y hipaa-0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration hipaa 0945.09y1Organizational.3-09.y hipaa-0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 0945.09y1Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 0946.09y2Organizational.14-09.y hipaa-0946.09y2Organizational.14-09.y 0946.09y2Organizational.14 - 09.y The organization requires the use of encryption between, and the use of electronic signatures by, each of the parties involved in the transaction. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0040d2e5-2779-170d-6a2c-1f5fca353335 Restrict location of information processing, storage and services Regulatory Compliance hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance hipaa 0948.09y2Organizational.3-09.y hipaa-0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance hipaa 0948.09y2Organizational.3-09.y hipaa-0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance hipaa 0948.09y2Organizational.3-09.y hipaa-0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 0948.09y2Organizational.3-09.y hipaa-0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 0948.09y2Organizational.3-09.y hipaa-0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance hipaa 0948.09y2Organizational.3-09.y hipaa-0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance hipaa 0949.09y2Organizational.5-09.y hipaa-0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 0949.09y2Organizational.5-09.y hipaa-0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service hipaa 0949.09y2Organizational.5-09.y hipaa-0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service hipaa 0949.09y2Organizational.5-09.y hipaa-0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 0949.09y2Organizational.5-09.y hipaa-0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 0949.09y2Organizational.5-09.y hipaa-0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 0949.09y2Organizational.5-09.y 09.09 Electronic Commerce Services HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 0960.09sCSPOrganizational.1-09.s hipaa-0960.09sCSPOrganizational.1-09.s 0960.09sCSPOrganizational.1-09.s 0960.09sCSPOrganizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service hipaa 0960.09sCSPOrganizational.1-09.s hipaa-0960.09sCSPOrganizational.1-09.s 0960.09sCSPOrganizational.1-09.s 0960.09sCSPOrganizational.1-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 099.09m2Organizational.11-09.m hipaa-099.09m2Organizational.11-09.m 099.09m2Organizational.11-09.m 099.09m2Organizational.11-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 099.09m2Organizational.11-09.m hipaa-099.09m2Organizational.11-09.m 099.09m2Organizational.11-09.m 099.09m2Organizational.11-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance hipaa 099.09m2Organizational.11-09.m hipaa-099.09m2Organizational.11-09.m 099.09m2Organizational.11-09.m 099.09m2Organizational.11-09.m 09.06 Network Security Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance hipaa 1002.01d1System.1-01.d hipaa-1002.01d1System.1-01.d 1002.01d1System.1-01.d 1002.01d1System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 1002.01d1System.1-01.d hipaa-1002.01d1System.1-01.d 1002.01d1System.1-01.d 1002.01d1System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1003.01d1System.3-01.d hipaa-1003.01d1System.3-01.d 1003.01d1System.3-01.d 1003.01d1System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance hipaa 1003.01d1System.3-01.d hipaa-1003.01d1System.3-01.d 1003.01d1System.3-01.d 1003.01d1System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance hipaa 1003.01d1System.3-01.d hipaa-1003.01d1System.3-01.d 1003.01d1System.3-01.d 1003.01d1System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance hipaa 1004.01d1System.8913-01.d hipaa-1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 1004.01d1System.8913-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1005.01d1System.1011-01.d hipaa-1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance hipaa 1005.01d1System.1011-01.d hipaa-1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1005.01d1System.1011-01.d hipaa-1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 1005.01d1System.1011-01.d hipaa-1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1005.01d1System.1011-01.d hipaa-1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance hipaa 1005.01d1System.1011-01.d hipaa-1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 1005.01d1System.1011-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance hipaa 1006.01d2System.1-01.d hipaa-1006.01d2System.1-01.d 1006.01d2System.1-01.d 1006.01d2System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance hipaa 1006.01d2System.1-01.d hipaa-1006.01d2System.1-01.d 1006.01d2System.1-01.d 1006.01d2System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance hipaa 1006.01d2System.1-01.d hipaa-1006.01d2System.1-01.d 1006.01d2System.1-01.d 1006.01d2System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance hipaa 1006.01d2System.1-01.d hipaa-1006.01d2System.1-01.d 1006.01d2System.1-01.d 1006.01d2System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance hipaa 1006.01d2System.1-01.d hipaa-1006.01d2System.1-01.d 1006.01d2System.1-01.d 1006.01d2System.1-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 1007.01d2System.2-01.d hipaa-1007.01d2System.2-01.d 1007.01d2System.2-01.d 1007.01d2System.2-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1008.01d2System.3-01.d hipaa-1008.01d2System.3-01.d 1008.01d2System.3-01.d 1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1009.01d2System.4-01.d hipaa-1009.01d2System.4-01.d 1009.01d2System.4-01.d 1009.01d2System.4-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance hipaa 1009.01d2System.4-01.d hipaa-1009.01d2System.4-01.d 1009.01d2System.4-01.d 1009.01d2System.4-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1009.01d2System.4-01.d hipaa-1009.01d2System.4-01.d 1009.01d2System.4-01.d 1009.01d2System.4-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1009.01d2System.4-01.d hipaa-1009.01d2System.4-01.d 1009.01d2System.4-01.d 1009.01d2System.4-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance hipaa 1014.01d1System.12-01.d hipaa-1014.01d1System.12-01.d 1014.01d1System.12-01.d 1014.01d1System.12-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance hipaa 1015.01d1System.14-01.d hipaa-1015.01d1System.14-01.d 1015.01d1System.14-01.d 1015.01d1System.14-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance hipaa 1015.01d1System.14-01.d hipaa-1015.01d1System.14-01.d 1015.01d1System.14-01.d 1015.01d1System.14-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1015.01d1System.14-01.d hipaa-1015.01d1System.14-01.d 1015.01d1System.14-01.d 1015.01d1System.14-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 1015.01d1System.14-01.d hipaa-1015.01d1System.14-01.d 1015.01d1System.14-01.d 1015.01d1System.14-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1022.01d1System.15-01.d hipaa-1022.01d1System.15-01.d 1022.01d1System.15-01.d 1022.01d1System.15-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1031.01d1System.34510-01.d hipaa-1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance hipaa 1031.01d1System.34510-01.d hipaa-1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1031.01d1System.34510-01.d hipaa-1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1031.01d1System.34510-01.d hipaa-1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance hipaa 1031.01d1System.34510-01.d hipaa-1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance hipaa 1031.01d1System.34510-01.d hipaa-1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 1031.01d1System.34510-01.d 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1106.01b1System.1-01.b hipaa-1106.01b1System.1-01.b 1106.01b1System.1-01.b 1106.01b1System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance hipaa 1107.01b1System.2-01.b hipaa-1107.01b1System.2-01.b 1107.01b1System.2-01.b 1107.01b1System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1107.01b1System.2-01.b hipaa-1107.01b1System.2-01.b 1107.01b1System.2-01.b 1107.01b1System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance hipaa 1107.01b1System.2-01.b hipaa-1107.01b1System.2-01.b 1107.01b1System.2-01.b 1107.01b1System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance hipaa 1107.01b1System.2-01.b hipaa-1107.01b1System.2-01.b 1107.01b1System.2-01.b 1107.01b1System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance hipaa 1108.01b1System.3-01.b hipaa-1108.01b1System.3-01.b 1108.01b1System.3-01.b 1108.01b1System.3-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 1108.01b1System.3-01.b hipaa-1108.01b1System.3-01.b 1108.01b1System.3-01.b 1108.01b1System.3-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 1108.01b1System.3-01.b hipaa-1108.01b1System.3-01.b 1108.01b1System.3-01.b 1108.01b1System.3-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance hipaa 1108.01b1System.3-01.b hipaa-1108.01b1System.3-01.b 1108.01b1System.3-01.b 1108.01b1System.3-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1109.01b1System.479-01.b hipaa-1109.01b1System.479-01.b 1109.01b1System.479-01.b 1109.01b1System.479-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 1110.01b1System.5-01.b hipaa-1110.01b1System.5-01.b 1110.01b1System.5-01.b 1110.01b1System.5-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance hipaa 11109.01q1Organizational.57-01.q hipaa-11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users Regulatory Compliance hipaa 11109.01q1Organizational.57-01.q hipaa-11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 11109.01q1Organizational.57-01.q hipaa-11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 11109.01q1Organizational.57-01.q hipaa-11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center hipaa 11109.01q1Organizational.57-01.q hipaa-11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 11109.01q1Organizational.57-01.q hipaa-11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance hipaa 11109.01q1Organizational.57-01.q hipaa-11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 11109.01q1Organizational.57-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 1111.01b2System.1-01.b hipaa-1111.01b2System.1-01.b 1111.01b2System.1-01.b 1111.01b2System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance hipaa 1111.01b2System.1-01.b hipaa-1111.01b2System.1-01.b 1111.01b2System.1-01.b 1111.01b2System.1-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center hipaa 11110.01q1Organizational.6-01.q hipaa-11110.01q1Organizational.6-01.q 11110.01q1Organizational.6 - 01.q Non-organizational users (all information system users other than organizational users, such as patients, customers, contractors, or foreign nationals), or processes acting on behalf of non-organizational users, determined to need access to information residing on the organization's information systems, are uniquely identified and authenticated. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance hipaa 11111.01q2System.4-01.q hipaa-11111.01q2System.4-01.q 11111.01q2System.4-01.q 11111.01q2System.4-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance hipaa 11111.01q2System.4-01.q hipaa-11111.01q2System.4-01.q 11111.01q2System.4-01.q 11111.01q2System.4-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 11111.01q2System.4-01.q hipaa-11111.01q2System.4-01.q 11111.01q2System.4-01.q 11111.01q2System.4-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center hipaa 11111.01q2System.4-01.q hipaa-11111.01q2System.4-01.q 11111.01q2System.4-01.q 11111.01q2System.4-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance hipaa 11112.01q2Organizational.67-01.q hipaa-11112.01q2Organizational.67-01.q 11112.01q2Organizational.67-01.q 11112.01q2Organizational.67-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 11112.01q2Organizational.67-01.q hipaa-11112.01q2Organizational.67-01.q 11112.01q2Organizational.67-01.q 11112.01q2Organizational.67-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center hipaa 11112.01q2Organizational.67-01.q hipaa-11112.01q2Organizational.67-01.q 11112.01q2Organizational.67-01.q 11112.01q2Organizational.67-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
449ebb52-945b-36e5-3446-af6f33770f8f Update the security authorization Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance hipaa 1112.01b2System.2-01.b hipaa-1112.01b2System.2-01.b 1112.01b2System.2-01.b 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance hipaa 11126.01t1Organizational.12-01.t hipaa-11126.01t1Organizational.12-01.t 11126.01t1Organizational.12-01.t 11126.01t1Organizational.12-01.t 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8350d4c-9314-400b-288f-20ddfce04fbd Define and enforce the limit of concurrent sessions Regulatory Compliance hipaa 1114.01h1Organizational.123-01.h hipaa-1114.01h1Organizational.123-01.h 1114.01h1Organizational.123-01.h 1114.01h1Organizational.123-01.h 01.03 User Responsibilities HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance hipaa 1114.01h1Organizational.123-01.h hipaa-1114.01h1Organizational.123-01.h 1114.01h1Organizational.123-01.h 1114.01h1Organizational.123-01.h 01.03 User Responsibilities HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 11154.02i1Organizational.5-02.i hipaa-11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 11154.02i1Organizational.5-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance hipaa 11155.02i2Organizational.2-02.i hipaa-11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 11155.02i2Organizational.2-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1116.01j1Organizational.145-01.j hipaa-1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1116.01j1Organizational.145-01.j hipaa-1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance hipaa 1116.01j1Organizational.145-01.j hipaa-1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance hipaa 1116.01j1Organizational.145-01.j hipaa-1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance hipaa 1116.01j1Organizational.145-01.j hipaa-1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center hipaa 1116.01j1Organizational.145-01.j hipaa-1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 1116.01j1Organizational.145-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center hipaa 1117.01j1Organizational.23-01.j hipaa-1117.01j1Organizational.23-01.j 1117.01j1Organizational.23 - 01.j Remote access by vendors and business partners (e.g., for remote maintenance) is disabled/deactivated when not in use. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 1118.01j2Organizational.124-01.j hipaa-1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 1118.01j2Organizational.124-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 11180.01c3System.6-01.c hipaa-11180.01c3System.6-01.c 11180.01c3System.6-01.c 11180.01c3System.6-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 1119.01j2Organizational.3-01.j hipaa-1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1119.01j2Organizational.3-01.j hipaa-1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance hipaa 1119.01j2Organizational.3-01.j hipaa-1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance hipaa 1119.01j2Organizational.3-01.j hipaa-1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center hipaa 1119.01j2Organizational.3-01.j hipaa-1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance hipaa 11190.01t1Organizational.3-01.t hipaa-11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 11190.01t1Organizational.3-01.t hipaa-11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 11190.01t1Organizational.3-01.t hipaa-11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 11190.01t1Organizational.3-01.t hipaa-11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 11190.01t1Organizational.3-01.t hipaa-11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 11190.01t1Organizational.3-01.t 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring hipaa 1120.09ab3System.9-09.ab hipaa-1120.09ab3System.9-09.ab 1120.09ab3System.9-09.ab 1120.09ab3System.9-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center hipaa 11208.01q1Organizational.8-01.q hipaa-11208.01q1Organizational.8-01.q 11208.01q1Organizational.8 - 01.q The organization requires that electronic signatures, unique to one individual, cannot be reused by, or reassigned to, anyone else. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 1121.01j3Organizational.2-01.j hipaa-1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 1121.01j3Organizational.2-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration hipaa 11210.01q2Organizational.10-01.q hipaa-11210.01q2Organizational.10-01.q 11210.01q2Organizational.10 - 01.q Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration hipaa 11211.01q2Organizational.11-01.q hipaa-11211.01q2Organizational.11-01.q 11211.01q2Organizational.11 - 01.q Signed electronic records shall contain information associated with the signing in human-readable format. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 11219.01b1Organizational.10-01.b hipaa-11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 11219.01b1Organizational.10-01.b hipaa-11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 11219.01b1Organizational.10-01.b hipaa-11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 11219.01b1Organizational.10-01.b hipaa-11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 11219.01b1Organizational.10-01.b hipaa-11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 11219.01b1Organizational.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db8b35d6-8adb-3f51-44ff-c648ab5b1530 Employ FICAM-approved resources to accept third-party credentials Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials Regulatory Compliance hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 1122.01q1System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 11220.01b1System.10-01.b hipaa-11220.01b1System.10-01.b 11220.01b1System.10-01.b 11220.01b1System.10-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1123.01q1System.2-01.q hipaa-1123.01q1System.2-01.q 1123.01q1System.2-01.q 1123.01q1System.2-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1123.01q1System.2-01.q hipaa-1123.01q1System.2-01.q 1123.01q1System.2-01.q 1123.01q1System.2-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1123.01q1System.2-01.q hipaa-1123.01q1System.2-01.q 1123.01q1System.2-01.q 1123.01q1System.2-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1123.01q1System.2-01.q hipaa-1123.01q1System.2-01.q 1123.01q1System.2-01.q 1123.01q1System.2-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1123.01q1System.2-01.q hipaa-1123.01q1System.2-01.q 1123.01q1System.2-01.q 1123.01q1System.2-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration hipaa 1123.01q1System.2-01.q hipaa-1123.01q1System.2-01.q 1123.01q1System.2-01.q 1123.01q1System.2-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance hipaa 1124.01q1System.34-01.q hipaa-1124.01q1System.34-01.q 1124.01q1System.34-01.q 1124.01q1System.34-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 1124.01q1System.34-01.q hipaa-1124.01q1System.34-01.q 1124.01q1System.34-01.q 1124.01q1System.34-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration hipaa 1125.01q2System.1-01.q hipaa-1125.01q2System.1-01.q 1125.01q2System.1-01.q 1125.01q2System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 1125.01q2System.1-01.q hipaa-1125.01q2System.1-01.q 1125.01q2System.1-01.q 1125.01q2System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 1125.01q2System.1-01.q hipaa-1125.01q2System.1-01.q 1125.01q2System.1-01.q 1125.01q2System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 1125.01q2System.1-01.q hipaa-1125.01q2System.1-01.q 1125.01q2System.1-01.q 1125.01q2System.1-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration hipaa 1127.01q2System.3-01.q hipaa-1127.01q2System.3-01.q 1127.01q2System.3-01.q 1127.01q2System.3-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance hipaa 1127.01q2System.3-01.q hipaa-1127.01q2System.3-01.q 1127.01q2System.3-01.q 1127.01q2System.3-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1128.01q2System.5-01.q hipaa-1128.01q2System.5-01.q 1128.01q2System.5-01.q 1128.01q2System.5-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1128.01q2System.5-01.q hipaa-1128.01q2System.5-01.q 1128.01q2System.5-01.q 1128.01q2System.5-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1128.01q2System.5-01.q hipaa-1128.01q2System.5-01.q 1128.01q2System.5-01.q 1128.01q2System.5-01.q 01.05 Operating System Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1129.01v1System.12-01.v hipaa-1129.01v1System.12-01.v 1129.01v1System.12-01.v 1129.01v1System.12-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance hipaa 1130.01v2System.1-01.v hipaa-1130.01v2System.1-01.v 1130.01v2System.1-01.v 1130.01v2System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1130.01v2System.1-01.v hipaa-1130.01v2System.1-01.v 1130.01v2System.1-01.v 1130.01v2System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 1130.01v2System.1-01.v hipaa-1130.01v2System.1-01.v 1130.01v2System.1-01.v 1130.01v2System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance hipaa 1130.01v2System.1-01.v hipaa-1130.01v2System.1-01.v 1130.01v2System.1-01.v 1130.01v2System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance hipaa 1130.01v2System.1-01.v hipaa-1130.01v2System.1-01.v 1130.01v2System.1-01.v 1130.01v2System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 1131.01v2System.2-01.v hipaa-1131.01v2System.2-01.v 1131.01v2System.2-01.v 1131.01v2System.2-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance hipaa 1131.01v2System.2-01.v hipaa-1131.01v2System.2-01.v 1131.01v2System.2-01.v 1131.01v2System.2-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 1131.01v2System.2-01.v hipaa-1131.01v2System.2-01.v 1131.01v2System.2-01.v 1131.01v2System.2-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 1131.01v2System.2-01.v hipaa-1131.01v2System.2-01.v 1131.01v2System.2-01.v 1131.01v2System.2-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 1131.01v2System.2-01.v hipaa-1131.01v2System.2-01.v 1131.01v2System.2-01.v 1131.01v2System.2-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 1131.01v2System.2-01.v hipaa-1131.01v2System.2-01.v 1131.01v2System.2-01.v 1131.01v2System.2-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance hipaa 1132.01v2System.3-01.v hipaa-1132.01v2System.3-01.v 1132.01v2System.3-01.v 1132.01v2System.3-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 1132.01v2System.3-01.v hipaa-1132.01v2System.3-01.v 1132.01v2System.3-01.v 1132.01v2System.3-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance hipaa 1133.01v2System.4-01.v hipaa-1133.01v2System.4-01.v 1133.01v2System.4-01.v 1133.01v2System.4-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 1134.01v3System.1-01.v hipaa-1134.01v3System.1-01.v 1134.01v3System.1-01.v 1134.01v3System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance hipaa 1134.01v3System.1-01.v hipaa-1134.01v3System.1-01.v 1134.01v3System.1-01.v 1134.01v3System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance hipaa 1134.01v3System.1-01.v hipaa-1134.01v3System.1-01.v 1134.01v3System.1-01.v 1134.01v3System.1-01.v 01.06 Application and Information Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 1135.02i1Organizational.1234-02.i hipaa-1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 1135.02i1Organizational.1234-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22c16ae4-19d0-29cb-422f-cb44061180ee Disable user accounts posing a significant risk Regulatory Compliance hipaa 1136.02i2Organizational.1-02.i hipaa-1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 1136.02i2Organizational.1-02.i hipaa-1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 1136.02i2Organizational.1-02.i hipaa-1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance hipaa 1136.02i2Organizational.1-02.i hipaa-1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance hipaa 1136.02i2Organizational.1-02.i hipaa-1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance hipaa 1136.02i2Organizational.1-02.i hipaa-1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 1136.02i2Organizational.1-02.i 02.04 Termination or Change of Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1137.06e1Organizational.1-06.e hipaa-1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 1137.06e1Organizational.1-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance hipaa 1139.01b1System.68-01.b hipaa-1139.01b1System.68-01.b 1139.01b1System.68-01.b 1139.01b1System.68-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance hipaa 1139.01b1System.68-01.b hipaa-1139.01b1System.68-01.b 1139.01b1System.68-01.b 1139.01b1System.68-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance hipaa 1139.01b1System.68-01.b hipaa-1139.01b1System.68-01.b 1139.01b1System.68-01.b 1139.01b1System.68-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance hipaa 1139.01b1System.68-01.b hipaa-1139.01b1System.68-01.b 1139.01b1System.68-01.b 1139.01b1System.68-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1139.01b1System.68-01.b hipaa-1139.01b1System.68-01.b 1139.01b1System.68-01.b 1139.01b1System.68-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance hipaa 1139.01b1System.68-01.b hipaa-1139.01b1System.68-01.b 1139.01b1System.68-01.b 1139.01b1System.68-01.b 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1143.01c1System.123-01.c hipaa-1143.01c1System.123-01.c 1143.01c1System.123-01.c 1143.01c1System.123-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1144.01c1System.4-01.c hipaa-1144.01c1System.4-01.c 1144.01c1System.4-01.c 1144.01c1System.4-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center hipaa 1144.01c1System.4-01.c hipaa-1144.01c1System.4-01.c 1144.01c1System.4-01.c 1144.01c1System.4-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1144.01c1System.4-01.c hipaa-1144.01c1System.4-01.c 1144.01c1System.4-01.c 1144.01c1System.4-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1144.01c1System.4-01.c hipaa-1144.01c1System.4-01.c 1144.01c1System.4-01.c 1144.01c1System.4-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1144.01c1System.4-01.c hipaa-1144.01c1System.4-01.c 1144.01c1System.4-01.c 1144.01c1System.4-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1144.01c1System.4-01.c hipaa-1144.01c1System.4-01.c 1144.01c1System.4-01.c 1144.01c1System.4-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1145.01c2System.1-01.c hipaa-1145.01c2System.1-01.c 1145.01c2System.1-01.c 1145.01c2System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1146.01c2System.23-01.c hipaa-1146.01c2System.23-01.c 1146.01c2System.23-01.c 1146.01c2System.23-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1147.01c2System.456-01.c hipaa-1147.01c2System.456-01.c 1147.01c2System.456-01.c 1147.01c2System.456-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1147.01c2System.456-01.c hipaa-1147.01c2System.456-01.c 1147.01c2System.456-01.c 1147.01c2System.456-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center hipaa 1147.01c2System.456-01.c hipaa-1147.01c2System.456-01.c 1147.01c2System.456-01.c 1147.01c2System.456-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1147.01c2System.456-01.c hipaa-1147.01c2System.456-01.c 1147.01c2System.456-01.c 1147.01c2System.456-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1147.01c2System.456-01.c hipaa-1147.01c2System.456-01.c 1147.01c2System.456-01.c 1147.01c2System.456-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1147.01c2System.456-01.c hipaa-1147.01c2System.456-01.c 1147.01c2System.456-01.c 1147.01c2System.456-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1148.01c2System.78-01.c hipaa-1148.01c2System.78-01.c 1148.01c2System.78-01.c 1148.01c2System.78-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center hipaa 1149.01c2System.9-01.c hipaa-1149.01c2System.9-01.c 1149.01c2System.9 - 01.c The organization facilitates information sharing by enabling authorized users to determine a business partner's access when discretion is allowed as defined by the organization and by employing manual processes or automated mechanisms to assist users in making information sharing/collaboration decisions. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance hipaa 1150.01c2System.10-01.c hipaa-1150.01c2System.10-01.c 1150.01c2System.10-01.c 1150.01c2System.10-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1151.01c3System.1-01.c hipaa-1151.01c3System.1-01.c 1151.01c3System.1-01.c 1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1152.01c3System.2-01.c hipaa-1152.01c3System.2-01.c 1152.01c3System.2-01.c 1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1153.01c3System.35-01.c hipaa-1153.01c3System.35-01.c 1153.01c3System.35-01.c 1153.01c3System.35-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center hipaa 1153.01c3System.35-01.c hipaa-1153.01c3System.35-01.c 1153.01c3System.35-01.c 1153.01c3System.35-01.c 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center hipaa 1154.01c3System.4-01.c hipaa-1154.01c3System.4-01.c 1154.01c3System.4 - 01.c Contractors are provided with minimal system and physical access only after the organization assesses the contractor's ability to comply with its security requirements and the contractor agrees to comply. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance hipaa 1166.01e1System.12-01.e hipaa-1166.01e1System.12-01.e 1166.01e1System.12-01.e 1166.01e1System.12-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users Regulatory Compliance hipaa 1167.01e2System.1-01.e hipaa-1167.01e2System.1-01.e 1167.01e2System.1-01.e 1167.01e2System.1-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance hipaa 1167.01e2System.1-01.e hipaa-1167.01e2System.1-01.e 1167.01e2System.1-01.e 1167.01e2System.1-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1168.01e2System.2-01.e hipaa-1168.01e2System.2-01.e 1168.01e2System.2-01.e 1168.01e2System.2-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance hipaa 1168.01e2System.2-01.e hipaa-1168.01e2System.2-01.e 1168.01e2System.2-01.e 1168.01e2System.2-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance hipaa 1168.01e2System.2-01.e hipaa-1168.01e2System.2-01.e 1168.01e2System.2-01.e 1168.01e2System.2-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1168.01e2System.2-01.e hipaa-1168.01e2System.2-01.e 1168.01e2System.2-01.e 1168.01e2System.2-01.e 01.02 Authorized Access to Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center hipaa 1173.01j1Organizational.6-01.j hipaa-1173.01j1Organizational.6-01.j 1173.01j1Organizational.6 - 01.j If encryption is not used for dial-up connections, the CIO or his/her designated representative provides specific written authorization. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center hipaa 1174.01j1Organizational.7-01.j hipaa-1174.01j1Organizational.7-01.j 1174.01j1Organizational.7 - 01.j The organization protects wireless access to systems containing sensitive information by authenticating both users and devices. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 1175.01j1Organizational.8-01.j hipaa-1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center hipaa 1175.01j1Organizational.8-01.j hipaa-1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance hipaa 1175.01j1Organizational.8-01.j hipaa-1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 1175.01j1Organizational.8-01.j hipaa-1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance hipaa 1175.01j1Organizational.8-01.j hipaa-1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 1175.01j1Organizational.8-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center hipaa 1176.01j2Organizational.5-01.j hipaa-1176.01j2Organizational.5-01.j 1176.01j2Organizational.5 - 01.j The organization requires a callback capability with re-authentication to verify dial-up connections from authorized locations. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center hipaa 1177.01j2Organizational.6-01.j hipaa-1177.01j2Organizational.6-01.j 1177.01j2Organizational.6 - 01.j User IDs assigned to vendors are reviewed in accordance with the organization's access review policy, at a minimum annually. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center hipaa 1178.01j2Organizational.7-01.j hipaa-1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance hipaa 1178.01j2Organizational.7-01.j hipaa-1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 1178.01j2Organizational.7-01.j hipaa-1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 1178.01j2Organizational.7-01.j hipaa-1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 1178.01j2Organizational.7-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 1179.01j3Organizational.1-01.j hipaa-1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 1179.01j3Organizational.1-01.j 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1192.01l1Organizational.1-01.l hipaa-1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 1192.01l1Organizational.1-01.l hipaa-1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center hipaa 1192.01l1Organizational.1-01.l hipaa-1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1192.01l1Organizational.1-01.l hipaa-1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1192.01l1Organizational.1-01.l hipaa-1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 1192.01l1Organizational.1-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1193.01l2Organizational.13-01.l hipaa-1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1193.01l2Organizational.13-01.l hipaa-1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center hipaa 1193.01l2Organizational.13-01.l hipaa-1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1193.01l2Organizational.13-01.l hipaa-1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 1193.01l2Organizational.13-01.l hipaa-1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 1193.01l2Organizational.13-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service hipaa 1194.01l2Organizational.2-01.l hipaa-1194.01l2Organizational.2-01.l 1194.01l2Organizational.2-01.l 1194.01l2Organizational.2-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service hipaa 1195.01l3Organizational.1-01.l hipaa-1195.01l3Organizational.1-01.l 1195.01l3Organizational.1-01.l 1195.01l3Organizational.1-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center hipaa 1197.01l3Organizational.3-01.l hipaa-1197.01l3Organizational.3-01.l 1197.01l3Organizational.3-01.l 1197.01l3Organizational.3-01.l 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance hipaa 1201.06e1Organizational.2-06.e hipaa-1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 1201.06e1Organizational.2-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center hipaa 1202.09aa1System.1-09.aa hipaa-1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake hipaa 1202.09aa1System.1-09.aa hipaa-1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1202.09aa1System.1-09.aa hipaa-1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance hipaa 1202.09aa1System.1-09.aa hipaa-1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1202.09aa1System.1-09.aa hipaa-1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 1202.09aa1System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1203.09aa1System.2-09.aa hipaa-1203.09aa1System.2-09.aa 1203.09aa1System.2-09.aa 1203.09aa1System.2-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps hipaa 1203.09aa1System.2-09.aa hipaa-1203.09aa1System.2-09.aa 1203.09aa1System.2-09.aa 1203.09aa1System.2-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1203.09aa1System.2-09.aa hipaa-1203.09aa1System.2-09.aa 1203.09aa1System.2-09.aa 1203.09aa1System.2-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things hipaa 1204.09aa1System.3-09.aa hipaa-1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1204.09aa1System.3-09.aa hipaa-1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1204.09aa1System.3-09.aa hipaa-1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance hipaa 1204.09aa1System.3-09.aa hipaa-1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 1204.09aa1System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch hipaa 1205.09aa2System.1-09.aa hipaa-1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance hipaa 1205.09aa2System.1-09.aa hipaa-1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1205.09aa2System.1-09.aa hipaa-1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance hipaa 1205.09aa2System.1-09.aa hipaa-1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1205.09aa2System.1-09.aa hipaa-1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance hipaa 1205.09aa2System.1-09.aa hipaa-1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 1205.09aa2System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e920169-739d-40b5-3f99-c4d855327bb2 Prohibit binary/machine-executable code Regulatory Compliance hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance hipaa 1206.09aa2System.23-09.aa hipaa-1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 1206.09aa2System.23-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics hipaa 1207.09aa2System.4-09.aa hipaa-1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 1207.09aa2System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 1208.09aa3System.1-09.aa hipaa-1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 1208.09aa3System.1-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1209.09aa3System.2-09.aa hipaa-1209.09aa3System.2-09.aa 1209.09aa3System.2-09.aa 1209.09aa3System.2-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1209.09aa3System.2-09.aa hipaa-1209.09aa3System.2-09.aa 1209.09aa3System.2-09.aa 1209.09aa3System.2-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service hipaa 1209.09aa3System.2-09.aa hipaa-1209.09aa3System.2-09.aa 1209.09aa3System.2-09.aa 1209.09aa3System.2-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 1210.09aa3System.3-09.aa hipaa-1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 1210.09aa3System.3-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring hipaa 12100.09ab2System.15-09.ab hipaa-12100.09ab2System.15-09.ab 12100.09ab2System.15-09.ab 12100.09ab2System.15-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance hipaa 12100.09ab2System.15-09.ab hipaa-12100.09ab2System.15-09.ab 12100.09ab2System.15-09.ab 12100.09ab2System.15-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 12100.09ab2System.15-09.ab hipaa-12100.09ab2System.15-09.ab 12100.09ab2System.15-09.ab 12100.09ab2System.15-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de251b09-4a5e-1204-4bef-62ac58d47999 Adjust level of audit review, analysis, and reporting Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eecf628-a1c8-1b48-1b5c-7ca781e97970 Specify permitted actions associated with customer audit information Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 12102.09ab1Organizational.4-09.ab hipaa-12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 12102.09ab1Organizational.4-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 12103.09ab1Organizational.5-09.ab hipaa-12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 12103.09ab1Organizational.5-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 1211.09aa3System.4-09.aa hipaa-1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 1211.09aa3System.4-09.aa 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance hipaa 1212.09ab1System.1-09.ab hipaa-1212.09ab1System.1-09.ab 1212.09ab1System.1-09.ab 1212.09ab1System.1-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance hipaa 1212.09ab1System.1-09.ab hipaa-1212.09ab1System.1-09.ab 1212.09ab1System.1-09.ab 1212.09ab1System.1-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring hipaa 1212.09ab1System.1-09.ab hipaa-1212.09ab1System.1-09.ab 1212.09ab1System.1-09.ab 1212.09ab1System.1-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center hipaa 1213.09ab2System.128-09.ab hipaa-1213.09ab2System.128-09.ab 1213.09ab2System.128-09.ab 1213.09ab2System.128-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 1213.09ab2System.128-09.ab hipaa-1213.09ab2System.128-09.ab 1213.09ab2System.128-09.ab 1213.09ab2System.128-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 1213.09ab2System.128-09.ab hipaa-1213.09ab2System.128-09.ab 1213.09ab2System.128-09.ab 1213.09ab2System.128-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1214.09ab2System.3456-09.ab hipaa-1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 1214.09ab2System.3456-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance hipaa 1215.09ab2System.7-09.ab hipaa-1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance hipaa 1215.09ab2System.7-09.ab hipaa-1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring hipaa 1215.09ab2System.7-09.ab hipaa-1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance hipaa 1215.09ab2System.7-09.ab hipaa-1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 1215.09ab2System.7-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1217.09ab3System.3-09.ab hipaa-1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration hipaa 1217.09ab3System.3-09.ab hipaa-1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1217.09ab3System.3-09.ab hipaa-1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance hipaa 1217.09ab3System.3-09.ab hipaa-1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 1217.09ab3System.3-09.ab hipaa-1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance hipaa 1219.09ab3System.10-09.ab hipaa-1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring hipaa 1219.09ab3System.10-09.ab hipaa-1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance hipaa 1219.09ab3System.10-09.ab hipaa-1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance hipaa 1219.09ab3System.10-09.ab hipaa-1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 1219.09ab3System.10-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 1220.09ab3System.56-09.ab hipaa-1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center hipaa 1220.09ab3System.56-09.ab hipaa-1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 1220.09ab3System.56-09.ab hipaa-1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 1220.09ab3System.56-09.ab hipaa-1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance hipaa 1220.09ab3System.56-09.ab hipaa-1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 1220.09ab3System.56-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1229.09c1Organizational.1-09.c hipaa-1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center hipaa 1229.09c1Organizational.1-09.c hipaa-1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1229.09c1Organizational.1-09.c hipaa-1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1229.09c1Organizational.1-09.c hipaa-1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 1229.09c1Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance hipaa 1230.09c2Organizational.1-09.c hipaa-1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 1230.09c2Organizational.1-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1231.09c2Organizational.23-09.c hipaa-1231.09c2Organizational.23-09.c 1231.09c2Organizational.23-09.c 1231.09c2Organizational.23-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1231.09c2Organizational.23-09.c hipaa-1231.09c2Organizational.23-09.c 1231.09c2Organizational.23-09.c 1231.09c2Organizational.23-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1231.09c2Organizational.23-09.c hipaa-1231.09c2Organizational.23-09.c 1231.09c2Organizational.23-09.c 1231.09c2Organizational.23-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1232.09c3Organizational.12-09.c hipaa-1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1233.09c3Organizational.3-09.c hipaa-1233.09c3Organizational.3-09.c 1233.09c3Organizational.3-09.c 1233.09c3Organizational.3-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1233.09c3Organizational.3-09.c hipaa-1233.09c3Organizational.3-09.c 1233.09c3Organizational.3-09.c 1233.09c3Organizational.3-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1233.09c3Organizational.3-09.c hipaa-1233.09c3Organizational.3-09.c 1233.09c3Organizational.3-09.c 1233.09c3Organizational.3-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 1270.09ad1System.12-09.ad hipaa-1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 1270.09ad1System.12-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1271.09ad1System.1-09.ad hipaa-1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 1271.09ad1System.1-09.ad 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1271.09ad2System.1 hipaa-1271.09ad2System.1 1271.09ad2System.1 1271.09ad2System.1 09.10 Monitoring HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance hipaa 1276.09c2Organizational.2-09.c hipaa-1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1277.09c2Organizational.4-09.c hipaa-1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1277.09c2Organizational.4-09.c hipaa-1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1277.09c2Organizational.4-09.c hipaa-1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration hipaa 1277.09c2Organizational.4-09.c hipaa-1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 1277.09c2Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1278.09c2Organizational.56-09.c hipaa-1278.09c2Organizational.56-09.c 1278.09c2Organizational.56-09.c 1278.09c2Organizational.56-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1278.09c2Organizational.56-09.c hipaa-1278.09c2Organizational.56-09.c 1278.09c2Organizational.56-09.c 1278.09c2Organizational.56-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1278.09c2Organizational.56-09.c hipaa-1278.09c2Organizational.56-09.c 1278.09c2Organizational.56-09.c 1278.09c2Organizational.56-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1279.09c3Organizational.4-09.c hipaa-1279.09c3Organizational.4-09.c 1279.09c3Organizational.4-09.c 1279.09c3Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1279.09c3Organizational.4-09.c hipaa-1279.09c3Organizational.4-09.c 1279.09c3Organizational.4-09.c 1279.09c3Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1279.09c3Organizational.4-09.c hipaa-1279.09c3Organizational.4-09.c 1279.09c3Organizational.4-09.c 1279.09c3Organizational.4-09.c 09.01 Documented Operating Procedures HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1301.02e1Organizational.12-02.e hipaa-1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 1301.02e1Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35de8462-03ff-45b3-5746-9d4603c74c56 Implement an insider threat program Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
015b4935-448a-8684-27c0-d13086356c33 Implement a threat awareness program Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1303.02e2Organizational.2-02.e hipaa-1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 1303.02e2Organizational.2-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
676c3c35-3c36-612c-9523-36d266a65000 Require developers to provide training Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1304.02e3Organizational.1-02.e hipaa-1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 1304.02e3Organizational.1-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 1305.02e3Organizational.23-02.e hipaa-1305.02e3Organizational.23-02.e 1305.02e3Organizational.23-02.e 1305.02e3Organizational.23-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance hipaa 1305.02e3Organizational.23-02.e hipaa-1305.02e3Organizational.23-02.e 1305.02e3Organizational.23-02.e 1305.02e3Organizational.23-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance hipaa 1305.02e3Organizational.23-02.e hipaa-1305.02e3Organizational.23-02.e 1305.02e3Organizational.23-02.e 1305.02e3Organizational.23-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1306.06e1Organizational.5-06.e hipaa-1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 1306.06e1Organizational.5-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1307.07c1Organizational.124-07.c hipaa-1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 1307.07c1Organizational.124-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1308.09j1Organizational.5-09.j hipaa-1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 1308.09j1Organizational.5-09.j 09.04 Protection Against Malicious and Mobile Code HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1309.01x1System.36-01.x hipaa-1309.01x1System.36-01.x 1309.01x1System.36-01.x 1309.01x1System.36-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1309.01x1System.36-01.x hipaa-1309.01x1System.36-01.x 1309.01x1System.36-01.x 1309.01x1System.36-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 1309.01x1System.36-01.x hipaa-1309.01x1System.36-01.x 1309.01x1System.36-01.x 1309.01x1System.36-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 1309.01x1System.36-01.x hipaa-1309.01x1System.36-01.x 1309.01x1System.36-01.x 1309.01x1System.36-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1309.01x1System.36-01.x hipaa-1309.01x1System.36-01.x 1309.01x1System.36-01.x 1309.01x1System.36-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1309.01x1System.36-01.x hipaa-1309.01x1System.36-01.x 1309.01x1System.36-01.x 1309.01x1System.36-01.x 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 1310.01y1Organizational.9-01.y hipaa-1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 1310.01y1Organizational.9-01.y 01.07 Mobile Computing and Teleworking HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance hipaa 1311.12c2Organizational.3-12.c hipaa-1311.12c2Organizational.3-12.c 1311.12c2Organizational.3-12.c 1311.12c2Organizational.3-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1311.12c2Organizational.3-12.c hipaa-1311.12c2Organizational.3-12.c 1311.12c2Organizational.3-12.c 1311.12c2Organizational.3-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance hipaa 1311.12c2Organizational.3-12.c hipaa-1311.12c2Organizational.3-12.c 1311.12c2Organizational.3-12.c 1311.12c2Organizational.3-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance hipaa 1313.02e1Organizational.3-02.e hipaa-1313.02e1Organizational.3-02.e 1313.02e1Organizational.3-02.e 1313.02e1Organizational.3-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1313.02e1Organizational.3-02.e hipaa-1313.02e1Organizational.3-02.e 1313.02e1Organizational.3-02.e 1313.02e1Organizational.3-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1313.02e1Organizational.3-02.e hipaa-1313.02e1Organizational.3-02.e 1313.02e1Organizational.3-02.e 1313.02e1Organizational.3-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 1314.02e2Organizational.5-02.e hipaa-1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 1314.02e2Organizational.5-02.e hipaa-1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 1314.02e2Organizational.5-02.e hipaa-1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1314.02e2Organizational.5-02.e hipaa-1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 1314.02e2Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1315.02e2Organizational.67-02.e hipaa-1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 1315.02e2Organizational.67-02.e hipaa-1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance hipaa 1315.02e2Organizational.67-02.e hipaa-1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1315.02e2Organizational.67-02.e hipaa-1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1315.02e2Organizational.67-02.e hipaa-1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1315.02e2Organizational.67-02.e hipaa-1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 1315.02e2Organizational.67-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1324.07c1Organizational.3-07.c hipaa-1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 1324.07c1Organizational.3-07.c 07.01 Responsibility for Assets HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance hipaa 1325.09s1Organizational.3-09.s hipaa-1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 1325.09s1Organizational.3-09.s 09.08 Exchange of Information HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1327.02e2Organizational.8-02.e hipaa-1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1327.02e2Organizational.8-02.e hipaa-1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1327.02e2Organizational.8-02.e hipaa-1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1327.02e2Organizational.8-02.e hipaa-1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 1327.02e2Organizational.8-02.e hipaa-1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 1327.02e2Organizational.8-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 1331.02e3Organizational.4-02.e hipaa-1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance hipaa 1331.02e3Organizational.4-02.e hipaa-1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1331.02e3Organizational.4-02.e hipaa-1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 1331.02e3Organizational.4-02.e hipaa-1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1331.02e3Organizational.4-02.e hipaa-1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1331.02e3Organizational.4-02.e hipaa-1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 1331.02e3Organizational.4-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1334.02e2Organizational.12-02.e hipaa-1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1334.02e2Organizational.12-02.e hipaa-1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance hipaa 1334.02e2Organizational.12-02.e hipaa-1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance hipaa 1334.02e2Organizational.12-02.e hipaa-1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 1334.02e2Organizational.12-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance hipaa 1336.02e1Organizational.5-02.e hipaa-1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 1336.02e1Organizational.5-02.e 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage hipaa 1401.05i1Organizational.1239-05.i hipaa-1401.05i1Organizational.1239-05.i 1401.05i1Organizational.1239 - 05.i Access to the organizations information and systems by external parties is not permitted until due diligence has been conducted, the appropriate controls have been implemented, and a contract/agreement reflecting the security requirements is signed acknowledging they understand and accept their obligations. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service hipaa 1402.05i1Organizational.45-05.i hipaa-1402.05i1Organizational.45-05.i 1402.05i1Organizational.45 - 05.i Remote access connections between the organization and external parties are encrypted. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service hipaa 1403.05i1Organizational.67-05.i hipaa-1403.05i1Organizational.67-05.i 1403.05i1Organizational.67 - 05.i Access granted to external parties is limited to the minimum necessary and granted only for the duration required. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance hipaa 1404.05i2Organizational.1-05.i hipaa-1404.05i2Organizational.1-05.i 1404.05i2Organizational.1-05.i 1404.05i2Organizational.1-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1406.05k1Organizational.110-05.k hipaa-1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 1406.05k1Organizational.110-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1407.05k2Organizational.1-05.k hipaa-1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1407.05k2Organizational.1-05.k hipaa-1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1407.05k2Organizational.1-05.k hipaa-1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1407.05k2Organizational.1-05.k hipaa-1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance hipaa 1407.05k2Organizational.1-05.k hipaa-1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 1407.05k2Organizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1408.09e1System.1-09.e hipaa-1408.09e1System.1-09.e 1408.09e1System.1-09.e 1408.09e1System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1408.09e1System.1-09.e hipaa-1408.09e1System.1-09.e 1408.09e1System.1-09.e 1408.09e1System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1408.09e1System.1-09.e hipaa-1408.09e1System.1-09.e 1408.09e1System.1-09.e 1408.09e1System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance hipaa 1408.09e1System.1-09.e hipaa-1408.09e1System.1-09.e 1408.09e1System.1-09.e 1408.09e1System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 1408.09e1System.1-09.e hipaa-1408.09e1System.1-09.e 1408.09e1System.1-09.e 1408.09e1System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance hipaa 1408.09e1System.1-09.e hipaa-1408.09e1System.1-09.e 1408.09e1System.1-09.e 1408.09e1System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1409.09e2System.1-09.e hipaa-1409.09e2System.1-09.e 1409.09e2System.1-09.e 1409.09e2System.1-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1410.09e2System.23-09.e hipaa-1410.09e2System.23-09.e 1410.09e2System.23-09.e 1410.09e2System.23-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 1411.09f1System.1-09.f hipaa-1411.09f1System.1-09.f 1411.09f1System.1-09.f 1411.09f1System.1-09.f 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1416.10l1Organizational.1-10.l hipaa-1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 1416.10l1Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1417.10l2Organizational.1-10.l hipaa-1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 1417.10l2Organizational.1-10.l 10.05 Security In Development and Support Processes HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL hipaa 1418.05i1Organizational.8-05.i hipaa-1418.05i1Organizational.8-05.i 1418.05i1Organizational.8 - 05.i The identification of risks related to external party access takes into account a minimal set of specifically defined issues. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1419.05j1Organizational.12-05.j hipaa-1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 1419.05j1Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1421.05j2Organizational.12-05.j hipaa-1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 1421.05j2Organizational.12-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 1422.05j2Organizational.3-05.j hipaa-1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1422.05j2Organizational.3-05.j hipaa-1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 1422.05j2Organizational.3-05.j hipaa-1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing Regulatory Compliance hipaa 1422.05j2Organizational.3-05.j hipaa-1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1422.05j2Organizational.3-05.j hipaa-1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1422.05j2Organizational.3-05.j hipaa-1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 1422.05j2Organizational.3-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance hipaa 1423.05j2Organizational.4-05.j hipaa-1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 1423.05j2Organizational.4-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55be3260-a7a2-3c06-7fe6-072d07525ab7 Accept PIV credentials Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
db8b35d6-8adb-3f51-44ff-c648ab5b1530 Employ FICAM-approved resources to accept third-party credentials Regulatory Compliance hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1429.05k1Organizational.34-05.k hipaa-1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 1429.05k1Organizational.34-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1430.05k1Organizational.56-05.k hipaa-1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 1430.05k1Organizational.56-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1431.05k1Organizational.7-05.k hipaa-1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1431.05k1Organizational.7-05.k hipaa-1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1431.05k1Organizational.7-05.k hipaa-1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance hipaa 1431.05k1Organizational.7-05.k hipaa-1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1431.05k1Organizational.7-05.k hipaa-1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 1431.05k1Organizational.7-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers Regulatory Compliance hipaa 1432.05k1Organizational.89-05.k hipaa-1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 1432.05k1Organizational.89-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1438.09e2System.4-09.e hipaa-1438.09e2System.4-09.e 1438.09e2System.4-09.e 1438.09e2System.4-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance hipaa 1451.05iCSPOrganizational.2-05.i hipaa-1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 1451.05iCSPOrganizational.2-05.i 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1452.05kCSPOrganizational.1-05.k hipaa-1452.05kCSPOrganizational.1-05.k 1452.05kCSPOrganizational.1-05.k 1452.05kCSPOrganizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1452.05kCSPOrganizational.1-05.k hipaa-1452.05kCSPOrganizational.1-05.k 1452.05kCSPOrganizational.1-05.k 1452.05kCSPOrganizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1452.05kCSPOrganizational.1-05.k hipaa-1452.05kCSPOrganizational.1-05.k 1452.05kCSPOrganizational.1-05.k 1452.05kCSPOrganizational.1-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance hipaa 1453.05kCSPOrganizational.2-05.k hipaa-1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 1453.05kCSPOrganizational.2-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance hipaa 1454.05kCSPOrganizational.3-05.k hipaa-1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 1454.05kCSPOrganizational.3-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance hipaa 1455.05kCSPOrganizational.4-05.k hipaa-1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 1455.05kCSPOrganizational.4-05.k 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance hipaa 1464.09e2Organizational.5-09.e hipaa-1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance hipaa 1464.09e2Organizational.5-09.e hipaa-1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance hipaa 1464.09e2Organizational.5-09.e hipaa-1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance hipaa 1464.09e2Organizational.5-09.e hipaa-1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance hipaa 1464.09e2Organizational.5-09.e hipaa-1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 09.02 Control Third Party Service Delivery HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 1501.02f1Organizational.123-02.f hipaa-1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 1501.02f1Organizational.123-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 02.03 During Employment HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35de8462-03ff-45b3-5746-9d4603c74c56 Implement an insider threat program Regulatory Compliance hipaa 1507.11a1Organizational.4-11.a hipaa-1507.11a1Organizational.4-11.a 1507.11a1Organizational.4-11.a 1507.11a1Organizational.4-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1507.11a1Organizational.4-11.a hipaa-1507.11a1Organizational.4-11.a 1507.11a1Organizational.4-11.a 1507.11a1Organizational.4-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance hipaa 1507.11a1Organizational.4-11.a hipaa-1507.11a1Organizational.4-11.a 1507.11a1Organizational.4-11.a 1507.11a1Organizational.4-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1508.11a2Organizational.1-11.a hipaa-1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 1508.11a2Organizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1509.11a2Organizational.236-11.a hipaa-1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1510.11a2Organizational.47-11.a hipaa-1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1511.11a2Organizational.5-11.a hipaa-1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 1511.11a2Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1515.11a3Organizational.3-11.a hipaa-1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1516.11c1Organizational.12-11.c hipaa-1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1517.11c1Organizational.3-11.c hipaa-1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1517.11c1Organizational.3-11.c hipaa-1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1517.11c1Organizational.3-11.c hipaa-1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1517.11c1Organizational.3-11.c hipaa-1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1517.11c1Organizational.3-11.c hipaa-1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1517.11c1Organizational.3-11.c hipaa-1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 1517.11c1Organizational.3-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance hipaa 1518.11c2Organizational.13-11.c hipaa-1518.11c2Organizational.13-11.c 1518.11c2Organizational.13-11.c 1518.11c2Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance hipaa 1519.11c2Organizational.2-11.c hipaa-1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1520.11c2Organizational.4-11.c hipaa-1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1522.11c3Organizational.13-11.c hipaa-1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1522.11c3Organizational.13-11.c hipaa-1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1522.11c3Organizational.13-11.c hipaa-1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1522.11c3Organizational.13-11.c hipaa-1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1522.11c3Organizational.13-11.c hipaa-1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1522.11c3Organizational.13-11.c hipaa-1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 1522.11c3Organizational.13-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance hipaa 1523.11c3Organizational.24-11.c hipaa-1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance hipaa 1523.11c3Organizational.24-11.c hipaa-1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance hipaa 1523.11c3Organizational.24-11.c hipaa-1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance hipaa 1523.11c3Organizational.24-11.c hipaa-1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance hipaa 1524.11a1Organizational.5-11.a hipaa-1524.11a1Organizational.5-11.a 1524.11a1Organizational.5-11.a 1524.11a1Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective Regulatory Compliance hipaa 1524.11a1Organizational.5-11.a hipaa-1524.11a1Organizational.5-11.a 1524.11a1Organizational.5-11.a 1524.11a1Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance hipaa 1524.11a1Organizational.5-11.a hipaa-1524.11a1Organizational.5-11.a 1524.11a1Organizational.5-11.a 1524.11a1Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
35de8462-03ff-45b3-5746-9d4603c74c56 Implement an insider threat program Regulatory Compliance hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1560.11d1Organizational.1-11.d hipaa-1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1561.11d2Organizational.14-11.d hipaa-1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance hipaa 1561.11d2Organizational.14-11.d hipaa-1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1561.11d2Organizational.14-11.d hipaa-1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1561.11d2Organizational.14-11.d hipaa-1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1561.11d2Organizational.14-11.d hipaa-1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1561.11d2Organizational.14-11.d hipaa-1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 1561.11d2Organizational.14-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
56fb5173-3865-5a5d-5fad-ae33e53e1577 Address information security issues Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1562.11d2Organizational.2-11.d hipaa-1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1563.11d2Organizational.3-11.d hipaa-1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1563.11d2Organizational.3-11.d hipaa-1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1563.11d2Organizational.3-11.d hipaa-1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1563.11d2Organizational.3-11.d hipaa-1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 1563.11d2Organizational.3-11.d 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance hipaa 1577.11aCSPOrganizational.1-11.a hipaa-1577.11aCSPOrganizational.1-11.a 1577.11aCSPOrganizational.1-11.a 1577.11aCSPOrganizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance hipaa 1577.11aCSPOrganizational.1-11.a hipaa-1577.11aCSPOrganizational.1-11.a 1577.11aCSPOrganizational.1-11.a 1577.11aCSPOrganizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance hipaa 1587.11c2Organizational.10-11.c hipaa-1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance hipaa 1589.11c1Organizational.5-11.c hipaa-1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1589.11c1Organizational.5-11.c hipaa-1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance hipaa 1589.11c1Organizational.5-11.c hipaa-1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance hipaa 1589.11c1Organizational.5-11.c hipaa-1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 1589.11c1Organizational.5-11.c 11.02 Management of Information Security Incidents and Improvements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1601.12c1Organizational.1238-12.c hipaa-1601.12c1Organizational.1238-12.c 1601.12c1Organizational.1238-12.c 1601.12c1Organizational.1238-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance hipaa 1601.12c1Organizational.1238-12.c hipaa-1601.12c1Organizational.1238-12.c 1601.12c1Organizational.1238-12.c 1601.12c1Organizational.1238-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance hipaa 1601.12c1Organizational.1238-12.c hipaa-1601.12c1Organizational.1238-12.c 1601.12c1Organizational.1238-12.c 1601.12c1Organizational.1238-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance hipaa 1602.12c1Organizational.4567-12.c hipaa-1602.12c1Organizational.4567-12.c 1602.12c1Organizational.4567-12.c 1602.12c1Organizational.4567-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance hipaa 1602.12c1Organizational.4567-12.c hipaa-1602.12c1Organizational.4567-12.c 1602.12c1Organizational.4567-12.c 1602.12c1Organizational.4567-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1602.12c1Organizational.4567-12.c hipaa-1602.12c1Organizational.4567-12.c 1602.12c1Organizational.4567-12.c 1602.12c1Organizational.4567-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance hipaa 1603.12c1Organizational.9-12.c hipaa-1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance hipaa 1603.12c1Organizational.9-12.c hipaa-1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance hipaa 1603.12c1Organizational.9-12.c hipaa-1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1603.12c1Organizational.9-12.c hipaa-1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance hipaa 1603.12c1Organizational.9-12.c hipaa-1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 1603.12c1Organizational.9-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations Regulatory Compliance hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance hipaa 1607.12c2Organizational.4-12.c hipaa-1607.12c2Organizational.4-12.c 1607.12c2Organizational.4-12.c 1607.12c2Organizational.4-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1607.12c2Organizational.4-12.c hipaa-1607.12c2Organizational.4-12.c 1607.12c2Organizational.4-12.c 1607.12c2Organizational.4-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 1608.12c2Organizational.5-12.c hipaa-1608.12c2Organizational.5-12.c 1608.12c2Organizational.5-12.c 1608.12c2Organizational.5-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1608.12c2Organizational.5-12.c hipaa-1608.12c2Organizational.5-12.c 1608.12c2Organizational.5-12.c 1608.12c2Organizational.5-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance hipaa 1608.12c2Organizational.5-12.c hipaa-1608.12c2Organizational.5-12.c 1608.12c2Organizational.5-12.c 1608.12c2Organizational.5-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance hipaa 1609.12c3Organizational.12-12.c hipaa-1609.12c3Organizational.12-12.c 1609.12c3Organizational.12-12.c 1609.12c3Organizational.12-12.c 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1616.09l1Organizational.16-09.l hipaa-1616.09l1Organizational.16-09.l 1616.09l1Organizational.16-09.l 1616.09l1Organizational.16-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL hipaa 1616.09l1Organizational.16-09.l hipaa-1616.09l1Organizational.16-09.l 1616.09l1Organizational.16-09.l 1616.09l1Organizational.16-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1617.09l1Organizational.23-09.l hipaa-1617.09l1Organizational.23-09.l 1617.09l1Organizational.23-09.l 1617.09l1Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL hipaa 1617.09l1Organizational.23-09.l hipaa-1617.09l1Organizational.23-09.l 1617.09l1Organizational.23-09.l 1617.09l1Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1617.09l1Organizational.23-09.l hipaa-1617.09l1Organizational.23-09.l 1617.09l1Organizational.23-09.l 1617.09l1Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations Regulatory Compliance hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance hipaa 1619.09l1Organizational.7-09.l hipaa-1619.09l1Organizational.7-09.l 1619.09l1Organizational.7-09.l 1619.09l1Organizational.7-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL hipaa 1619.09l1Organizational.7-09.l hipaa-1619.09l1Organizational.7-09.l 1619.09l1Organizational.7-09.l 1619.09l1Organizational.7-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup hipaa 1620.09l1Organizational.8-09.l hipaa-1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 1620.09l1Organizational.8-09.l hipaa-1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 1620.09l1Organizational.8-09.l hipaa-1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1620.09l1Organizational.8-09.l hipaa-1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance hipaa 1620.09l1Organizational.8-09.l hipaa-1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 1620.09l1Organizational.8-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL hipaa 1621.09l2Organizational.1-09.l hipaa-1621.09l2Organizational.1-09.l 1621.09l2Organizational.1-09.l 1621.09l2Organizational.1-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance hipaa 1621.09l2Organizational.1-09.l hipaa-1621.09l2Organizational.1-09.l 1621.09l2Organizational.1-09.l 1621.09l2Organizational.1-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 1621.09l2Organizational.1-09.l hipaa-1621.09l2Organizational.1-09.l 1621.09l2Organizational.1-09.l 1621.09l2Organizational.1-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL hipaa 1622.09l2Organizational.23-09.l hipaa-1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 1622.09l2Organizational.23-09.l hipaa-1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 1622.09l2Organizational.23-09.l hipaa-1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance hipaa 1622.09l2Organizational.23-09.l hipaa-1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 1623.09l2Organizational.4-09.l hipaa-1623.09l2Organizational.4-09.l 1623.09l2Organizational.4-09.l 1623.09l2Organizational.4-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL hipaa 1623.09l2Organizational.4-09.l hipaa-1623.09l2Organizational.4-09.l 1623.09l2Organizational.4-09.l 1623.09l2Organizational.4-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1623.09l2Organizational.4-09.l hipaa-1623.09l2Organizational.4-09.l 1623.09l2Organizational.4-09.l 1623.09l2Organizational.4-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 1624.09l3Organizational.12-09.l hipaa-1624.09l3Organizational.12-09.l 1624.09l3Organizational.12-09.l 1624.09l3Organizational.12-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL hipaa 1624.09l3Organizational.12-09.l hipaa-1624.09l3Organizational.12-09.l 1624.09l3Organizational.12-09.l 1624.09l3Organizational.12-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1624.09l3Organizational.12-09.l hipaa-1624.09l3Organizational.12-09.l 1624.09l3Organizational.12-09.l 1624.09l3Organizational.12-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup hipaa 1625.09l3Organizational.34-09.l hipaa-1625.09l3Organizational.34-09.l 1625.09l3Organizational.34-09.l 1625.09l3Organizational.34-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1625.09l3Organizational.34-09.l hipaa-1625.09l3Organizational.34-09.l 1625.09l3Organizational.34-09.l 1625.09l3Organizational.34-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1626.09l3Organizational.5-09.l hipaa-1626.09l3Organizational.5-09.l 1626.09l3Organizational.5-09.l 1626.09l3Organizational.5-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL hipaa 1626.09l3Organizational.5-09.l hipaa-1626.09l3Organizational.5-09.l 1626.09l3Organizational.5-09.l 1626.09l3Organizational.5-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance hipaa 1627.09l3Organizational.6-09.l hipaa-1627.09l3Organizational.6-09.l 1627.09l3Organizational.6-09.l 1627.09l3Organizational.6-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL hipaa 1627.09l3Organizational.6-09.l hipaa-1627.09l3Organizational.6-09.l 1627.09l3Organizational.6-09.l 1627.09l3Organizational.6-09.l 09.05 Information Back-Up HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute hipaa 1634.12b1Organizational.1-12.b hipaa-1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance hipaa 1634.12b1Organizational.1-12.b hipaa-1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1634.12b1Organizational.1-12.b hipaa-1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1634.12b1Organizational.1-12.b hipaa-1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance hipaa 1634.12b1Organizational.1-12.b hipaa-1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 1634.12b1Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault hipaa 1635.12b1Organizational.2-12.b hipaa-1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance hipaa 1635.12b1Organizational.2-12.b hipaa-1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1635.12b1Organizational.2-12.b hipaa-1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance hipaa 1635.12b1Organizational.2-12.b hipaa-1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 1635.12b1Organizational.2-12.b hipaa-1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault hipaa 1635.12b1Organizational.2-12.b hipaa-1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 1635.12b1Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1636.12b2Organizational.1-12.b hipaa-1636.12b2Organizational.1-12.b 1636.12b2Organizational.1-12.b 1636.12b2Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance hipaa 1636.12b2Organizational.1-12.b hipaa-1636.12b2Organizational.1-12.b 1636.12b2Organizational.1-12.b 1636.12b2Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1636.12b2Organizational.1-12.b hipaa-1636.12b2Organizational.1-12.b 1636.12b2Organizational.1-12.b 1636.12b2Organizational.1-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 1637.12b2Organizational.2-12.b hipaa-1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 1637.12b2Organizational.2-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 1638.12b2Organizational.345-12.b hipaa-1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance hipaa 1638.12b2Organizational.345-12.b hipaa-1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1638.12b2Organizational.345-12.b hipaa-1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute hipaa 1638.12b2Organizational.345-12.b hipaa-1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance hipaa 1638.12b2Organizational.345-12.b hipaa-1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance hipaa 1666.12d1Organizational.1235-12.d hipaa-1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1666.12d1Organizational.1235-12.d hipaa-1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance hipaa 1666.12d1Organizational.1235-12.d hipaa-1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1666.12d1Organizational.1235-12.d hipaa-1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 1666.12d1Organizational.1235-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1667.12d1Organizational.4-12.d hipaa-1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance hipaa 1667.12d1Organizational.4-12.d hipaa-1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance hipaa 1667.12d1Organizational.4-12.d hipaa-1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance hipaa 1667.12d1Organizational.4-12.d hipaa-1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 1667.12d1Organizational.4-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance hipaa 1668.12d1Organizational.67-12.d hipaa-1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance hipaa 1668.12d1Organizational.67-12.d hipaa-1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance hipaa 1668.12d1Organizational.67-12.d hipaa-1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1668.12d1Organizational.67-12.d hipaa-1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 1668.12d1Organizational.67-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance hipaa 1669.12d1Organizational.8-12.d hipaa-1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance hipaa 1669.12d1Organizational.8-12.d hipaa-1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance hipaa 1669.12d1Organizational.8-12.d hipaa-1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance hipaa 1669.12d1Organizational.8-12.d hipaa-1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance hipaa 1669.12d1Organizational.8-12.d hipaa-1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1669.12d1Organizational.8-12.d hipaa-1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 1669.12d1Organizational.8-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1670.12d2Organizational.1-12.d hipaa-1670.12d2Organizational.1-12.d 1670.12d2Organizational.1-12.d 1670.12d2Organizational.1-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance hipaa 1671.12d2Organizational.2-12.d hipaa-1671.12d2Organizational.2-12.d 1671.12d2Organizational.2-12.d 1671.12d2Organizational.2-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance hipaa 1671.12d2Organizational.2-12.d hipaa-1671.12d2Organizational.2-12.d 1671.12d2Organizational.2-12.d 1671.12d2Organizational.2-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance hipaa 1671.12d2Organizational.2-12.d hipaa-1671.12d2Organizational.2-12.d 1671.12d2Organizational.2-12.d 1671.12d2Organizational.2-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance hipaa 1672.12d2Organizational.3-12.d hipaa-1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance hipaa 1672.12d2Organizational.3-12.d hipaa-1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance hipaa 1672.12d2Organizational.3-12.d hipaa-1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance hipaa 1672.12d2Organizational.3-12.d hipaa-1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance hipaa 1672.12d2Organizational.3-12.d hipaa-1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 1672.12d2Organizational.3-12.d 12.01 Information Security Aspects of Business Continuity Management HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup hipaa 1699.09l1Organizational.10-09.l hipaa-1699.09l1Organizational.10-09.l 1699.09l1Organizational.10 - 09.l Workforce members roles and responsibilities in the data backup process are identified and communicated to the workforce; in particular, Bring Your Own Device (BYOD) users are required to perform backups of organizational and/or client data on their devices. HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance hipaa 1704.03b1Organizational.12-03.b hipaa-1704.03b1Organizational.12-03.b 1704.03b1Organizational.12-03.b 1704.03b1Organizational.12-03.b 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 1704.03b1Organizational.12-03.b hipaa-1704.03b1Organizational.12-03.b 1704.03b1Organizational.12-03.b 1704.03b1Organizational.12-03.b 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 1705.03b2Organizational.12-03.b hipaa-1705.03b2Organizational.12-03.b 1705.03b2Organizational.12-03.b 1705.03b2Organizational.12-03.b 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 1705.03b2Organizational.12-03.b hipaa-1705.03b2Organizational.12-03.b 1705.03b2Organizational.12-03.b 1705.03b2Organizational.12-03.b 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance hipaa 1707.03c1Organizational.12-03.c hipaa-1707.03c1Organizational.12-03.c 1707.03c1Organizational.12-03.c 1707.03c1Organizational.12-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance hipaa 1708.03c2Organizational.12-03.c hipaa-1708.03c2Organizational.12-03.c 1708.03c2Organizational.12-03.c 1708.03c2Organizational.12-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance hipaa 1708.03c2Organizational.12-03.c hipaa-1708.03c2Organizational.12-03.c 1708.03c2Organizational.12-03.c 1708.03c2Organizational.12-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 17100.10a3Organizational.5 hipaa-17100.10a3Organizational.5 17100.10a3Organizational.5 17100.10a3Organizational.5 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 17120.10a3Organizational.5-10.a hipaa-17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 17120.10a3Organizational.5-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance hipaa 17126.03c1System.6-03.c hipaa-17126.03c1System.6-03.c 17126.03c1System.6-03.c 17126.03c1System.6-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 17126.03c1System.6-03.c hipaa-17126.03c1System.6-03.c 17126.03c1System.6-03.c 17126.03c1System.6-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 17126.03c1System.6-03.c hipaa-17126.03c1System.6-03.c 17126.03c1System.6-03.c 17126.03c1System.6-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 Issue guidelines for ensuring data quality and integrity Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 1713.03c1Organizational.3-03.c hipaa-1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 1713.03c1Organizational.3-03.c 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 1733.03d1Organizational.1-03.d hipaa-1733.03d1Organizational.1-03.d 1733.03d1Organizational.1-03.d 1733.03d1Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 1733.03d1Organizational.1-03.d hipaa-1733.03d1Organizational.1-03.d 1733.03d1Organizational.1-03.d 1733.03d1Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 1733.03d1Organizational.1-03.d hipaa-1733.03d1Organizational.1-03.d 1733.03d1Organizational.1-03.d 1733.03d1Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance hipaa 1734.03d2Organizational.1-03.d hipaa-1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 1734.03d2Organizational.1-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance hipaa 1735.03d2Organizational.23-03.d hipaa-1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 1735.03d2Organizational.23-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 1736.03d2Organizational.4-03.d hipaa-1736.03d2Organizational.4-03.d 1736.03d2Organizational.4-03.d 1736.03d2Organizational.4-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance hipaa 1737.03d2Organizational.5-03.d hipaa-1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance hipaa 1737.03d2Organizational.5-03.d hipaa-1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance hipaa 1737.03d2Organizational.5-03.d hipaa-1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance hipaa 1737.03d2Organizational.5-03.d hipaa-1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 1737.03d2Organizational.5-03.d 03.01 Risk Management Program HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance hipaa 1780.10a1Organizational.1-10.a hipaa-1780.10a1Organizational.1-10.a 1780.10a1Organizational.1-10.a 1780.10a1Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance hipaa 1780.10a1Organizational.1-10.a hipaa-1780.10a1Organizational.1-10.a 1780.10a1Organizational.1-10.a 1780.10a1Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1780.10a1Organizational.1-10.a hipaa-1780.10a1Organizational.1-10.a 1780.10a1Organizational.1-10.a 1780.10a1Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 1781.10a1Organizational.23-10.a hipaa-1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1781.10a1Organizational.23-10.a hipaa-1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1781.10a1Organizational.23-10.a hipaa-1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 1781.10a1Organizational.23-10.a hipaa-1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 1781.10a1Organizational.23-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 1782.10a1Organizational.4-10.a hipaa-1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 1782.10a1Organizational.4-10.a hipaa-1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 1782.10a1Organizational.4-10.a hipaa-1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 1782.10a1Organizational.4-10.a hipaa-1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 1782.10a1Organizational.4-10.a hipaa-1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 1782.10a1Organizational.4-10.a hipaa-1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 1782.10a1Organizational.4-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance hipaa 1783.10a1Organizational.56-10.a hipaa-1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 1783.10a1Organizational.56-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b333332-6efd-7c0d-5a9f-d1eb95105214 Employ FIPS 201-approved technology for PIV Regulatory Compliance hipaa 1784.10a1Organizational.7-10.a hipaa-1784.10a1Organizational.7-10.a 1784.10a1Organizational.7-10.a 1784.10a1Organizational.7-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance hipaa 1785.10a1Organizational.8-10.a hipaa-1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance hipaa 1785.10a1Organizational.8-10.a hipaa-1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance hipaa 1785.10a1Organizational.8-10.a hipaa-1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance hipaa 1785.10a1Organizational.8-10.a hipaa-1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance hipaa 1785.10a1Organizational.8-10.a hipaa-1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 1785.10a1Organizational.8-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance hipaa 1786.10a1Organizational.9-10.a hipaa-1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1786.10a1Organizational.9-10.a hipaa-1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance hipaa 1786.10a1Organizational.9-10.a hipaa-1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 1786.10a1Organizational.9-10.a hipaa-1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 1786.10a1Organizational.9-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1787.10a2Organizational.1-10.a hipaa-1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b9d45adb-471b-56a5-64d2-5b241f126174 Automate privacy controls Regulatory Compliance hipaa 1787.10a2Organizational.1-10.a hipaa-1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection Regulatory Compliance hipaa 1787.10a2Organizational.1-10.a hipaa-1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 1787.10a2Organizational.1-10.a hipaa-1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 1787.10a2Organizational.1-10.a hipaa-1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 1787.10a2Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 1788.10a2Organizational.2-10.a hipaa-1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 1788.10a2Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1789.10a2Organizational.3-10.a hipaa-1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 1789.10a2Organizational.3-10.a hipaa-1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 1789.10a2Organizational.3-10.a hipaa-1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1789.10a2Organizational.3-10.a hipaa-1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 1789.10a2Organizational.3-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 1790.10a2Organizational.45-10.a hipaa-1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1790.10a2Organizational.45-10.a hipaa-1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 1790.10a2Organizational.45-10.a hipaa-1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1790.10a2Organizational.45-10.a hipaa-1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance hipaa 1790.10a2Organizational.45-10.a hipaa-1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance hipaa 1790.10a2Organizational.45-10.a hipaa-1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 1790.10a2Organizational.45-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance hipaa 1791.10a2Organizational.6-10.a hipaa-1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance hipaa 1791.10a2Organizational.6-10.a hipaa-1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1791.10a2Organizational.6-10.a hipaa-1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance hipaa 1791.10a2Organizational.6-10.a hipaa-1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance hipaa 1791.10a2Organizational.6-10.a hipaa-1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 1791.10a2Organizational.6-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance hipaa 1792.10a2Organizational.7814-10.a hipaa-1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance hipaa 1792.10a2Organizational.7814-10.a hipaa-1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance hipaa 1792.10a2Organizational.7814-10.a hipaa-1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance hipaa 1792.10a2Organizational.7814-10.a hipaa-1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 1792.10a2Organizational.7814-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 1793.10a2Organizational.91011-10.a hipaa-1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 1793.10a2Organizational.91011-10.a hipaa-1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 1793.10a2Organizational.91011-10.a hipaa-1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance hipaa 1793.10a2Organizational.91011-10.a hipaa-1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 1793.10a2Organizational.91011-10.a hipaa-1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 1793.10a2Organizational.91011-10.a hipaa-1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 1793.10a2Organizational.91011-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance hipaa 1794.10a2Organizational.12-10.a hipaa-1794.10a2Organizational.12-10.a 1794.10a2Organizational.12-10.a 1794.10a2Organizational.12-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance hipaa 1795.10a2Organizational.13-10.a hipaa-1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance hipaa 1795.10a2Organizational.13-10.a hipaa-1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance hipaa 1795.10a2Organizational.13-10.a hipaa-1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance hipaa 1795.10a2Organizational.13-10.a hipaa-1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance hipaa 1795.10a2Organizational.13-10.a hipaa-1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 1795.10a2Organizational.13-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance hipaa 1796.10a2Organizational.15-10.a hipaa-1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance hipaa 1796.10a2Organizational.15-10.a hipaa-1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance hipaa 1796.10a2Organizational.15-10.a hipaa-1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance hipaa 1796.10a2Organizational.15-10.a hipaa-1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance hipaa 1796.10a2Organizational.15-10.a hipaa-1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance hipaa 1796.10a2Organizational.15-10.a hipaa-1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 1796.10a2Organizational.15-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance hipaa 1797.10a3Organizational.1-10.a hipaa-1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57adc919-9dca-817c-8197-64d812070316 Develop an enterprise architecture Regulatory Compliance hipaa 1797.10a3Organizational.1-10.a hipaa-1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance hipaa 1797.10a3Organizational.1-10.a hipaa-1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance hipaa 1797.10a3Organizational.1-10.a hipaa-1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 1797.10a3Organizational.1-10.a hipaa-1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 1797.10a3Organizational.1-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57adc919-9dca-817c-8197-64d812070316 Develop an enterprise architecture Regulatory Compliance hipaa 1798.10a3Organizational.2-10.a hipaa-1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance hipaa 1798.10a3Organizational.2-10.a hipaa-1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 1798.10a3Organizational.2-10.a hipaa-1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance hipaa 1798.10a3Organizational.2-10.a hipaa-1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 1798.10a3Organizational.2-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance hipaa 1799.10a3Organizational.34-10.a hipaa-1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance hipaa 1799.10a3Organizational.34-10.a hipaa-1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance hipaa 1799.10a3Organizational.34-10.a hipaa-1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
57adc919-9dca-817c-8197-64d812070316 Develop an enterprise architecture Regulatory Compliance hipaa 1799.10a3Organizational.34-10.a hipaa-1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance hipaa 1799.10a3Organizational.34-10.a hipaa-1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance hipaa 1799.10a3Organizational.34-10.a hipaa-1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 1799.10a3Organizational.34-10.a 10.01 Security Requirements of Information Systems HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1801.08b1Organizational.124-08.b hipaa-1801.08b1Organizational.124-08.b 1801.08b1Organizational.124-08.b 1801.08b1Organizational.124-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1801.08b1Organizational.124-08.b hipaa-1801.08b1Organizational.124-08.b 1801.08b1Organizational.124-08.b 1801.08b1Organizational.124-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance hipaa 1801.08b1Organizational.124-08.b hipaa-1801.08b1Organizational.124-08.b 1801.08b1Organizational.124-08.b 1801.08b1Organizational.124-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1802.08b1Organizational.3-08.b hipaa-1802.08b1Organizational.3-08.b 1802.08b1Organizational.3-08.b 1802.08b1Organizational.3-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance hipaa 1803.08b1Organizational.5-08.b hipaa-1803.08b1Organizational.5-08.b 1803.08b1Organizational.5-08.b 1803.08b1Organizational.5-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance hipaa 1803.08b1Organizational.5-08.b hipaa-1803.08b1Organizational.5-08.b 1803.08b1Organizational.5-08.b 1803.08b1Organizational.5-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1803.08b1Organizational.5-08.b hipaa-1803.08b1Organizational.5-08.b 1803.08b1Organizational.5-08.b 1803.08b1Organizational.5-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1804.08b2Organizational.12-08.b hipaa-1804.08b2Organizational.12-08.b 1804.08b2Organizational.12-08.b 1804.08b2Organizational.12-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1804.08b2Organizational.12-08.b hipaa-1804.08b2Organizational.12-08.b 1804.08b2Organizational.12-08.b 1804.08b2Organizational.12-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1805.08b2Organizational.3-08.b hipaa-1805.08b2Organizational.3-08.b 1805.08b2Organizational.3-08.b 1805.08b2Organizational.3-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1806.08b2Organizational.4-08.b hipaa-1806.08b2Organizational.4-08.b 1806.08b2Organizational.4-08.b 1806.08b2Organizational.4-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1807.08b2Organizational.56-08.b hipaa-1807.08b2Organizational.56-08.b 1807.08b2Organizational.56-08.b 1807.08b2Organizational.56-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance hipaa 1808.08b2Organizational.7-08.b hipaa-1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 1808.08b2Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1810.08b3Organizational.2-08.b hipaa-1810.08b3Organizational.2-08.b 1810.08b3Organizational.2-08.b 1810.08b3Organizational.2-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance hipaa 18108.08j1Organizational.1-08.j hipaa-18108.08j1Organizational.1-08.j 18108.08j1Organizational.1-08.j 18108.08j1Organizational.1-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance hipaa 18108.08j1Organizational.1-08.j hipaa-18108.08j1Organizational.1-08.j 18108.08j1Organizational.1-08.j 18108.08j1Organizational.1-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance hipaa 18109.08j1Organizational.4-08.j hipaa-18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 18109.08j1Organizational.4-08.j hipaa-18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance hipaa 18109.08j1Organizational.4-08.j hipaa-18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance hipaa 18109.08j1Organizational.4-08.j hipaa-18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 18109.08j1Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1811.08b3Organizational.3-08.b hipaa-1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 1811.08b3Organizational.3-08.b hipaa-1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1811.08b3Organizational.3-08.b hipaa-1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1811.08b3Organizational.3-08.b hipaa-1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 1811.08b3Organizational.3-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 18110.08j1Organizational.5-08.j hipaa-18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms Regulatory Compliance hipaa 18110.08j1Organizational.5-08.j hipaa-18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5bac5fb7-7735-357b-767d-02264bfe5c3b Perform all non-local maintenance Regulatory Compliance hipaa 18110.08j1Organizational.5-08.j hipaa-18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 18110.08j1Organizational.5-08.j hipaa-18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance hipaa 18111.08j1Organizational.6-08.j hipaa-18111.08j1Organizational.6-08.j 18111.08j1Organizational.6-08.j 18111.08j1Organizational.6-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 18112.08j3Organizational.4-08.j hipaa-18112.08j3Organizational.4-08.j 18112.08j3Organizational.4-08.j 18112.08j3Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance hipaa 18112.08j3Organizational.4-08.j hipaa-18112.08j3Organizational.4-08.j 18112.08j3Organizational.4-08.j 18112.08j3Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance hipaa 18112.08j3Organizational.4-08.j hipaa-18112.08j3Organizational.4-08.j 18112.08j3Organizational.4-08.j 18112.08j3Organizational.4-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance hipaa 1812.08b3Organizational.46-08.b hipaa-1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 1812.08b3Organizational.46-08.b hipaa-1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 1812.08b3Organizational.46-08.b hipaa-1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 1812.08b3Organizational.46-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 18127.08l1Organizational.3-08.l hipaa-18127.08l1Organizational.3-08.l 18127.08l1Organizational.3-08.l 18127.08l1Organizational.3-08.l 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 1813.08b3Organizational.56-08.b hipaa-1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1813.08b3Organizational.56-08.b hipaa-1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 1813.08b3Organizational.56-08.b hipaa-1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1813.08b3Organizational.56-08.b hipaa-1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 1813.08b3Organizational.56-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance hipaa 18130.09p1Organizational.24-09.p hipaa-18130.09p1Organizational.24-09.p 18130.09p1Organizational.24-09.p 18130.09p1Organizational.24-09.p 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance hipaa 1814.08d1Organizational.12-08.d hipaa-1814.08d1Organizational.12-08.d 1814.08d1Organizational.12-08.d 1814.08d1Organizational.12-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1814.08d1Organizational.12-08.d hipaa-1814.08d1Organizational.12-08.d 1814.08d1Organizational.12-08.d 1814.08d1Organizational.12-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1814.08d1Organizational.12-08.d hipaa-1814.08d1Organizational.12-08.d 1814.08d1Organizational.12-08.d 1814.08d1Organizational.12-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 18145.08b3Organizational.7-08.b hipaa-18145.08b3Organizational.7-08.b 18145.08b3Organizational.7-08.b 18145.08b3Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 18145.08b3Organizational.7-08.b hipaa-18145.08b3Organizational.7-08.b 18145.08b3Organizational.7-08.b 18145.08b3Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 18146.08b3Organizational.8-08.b hipaa-18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 18146.08b3Organizational.8-08.b hipaa-18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 18146.08b3Organizational.8-08.b hipaa-18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 18146.08b3Organizational.8-08.b hipaa-18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 18146.08b3Organizational.8-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance hipaa 1815.08d2Organizational.123-08.d hipaa-1815.08d2Organizational.123-08.d 1815.08d2Organizational.123-08.d 1815.08d2Organizational.123-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1815.08d2Organizational.123-08.d hipaa-1815.08d2Organizational.123-08.d 1815.08d2Organizational.123-08.d 1815.08d2Organizational.123-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1815.08d2Organizational.123-08.d hipaa-1815.08d2Organizational.123-08.d 1815.08d2Organizational.123-08.d 1815.08d2Organizational.123-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance hipaa 1816.08d2Organizational.4-08.d hipaa-1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance hipaa 1816.08d2Organizational.4-08.d hipaa-1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance hipaa 1816.08d2Organizational.4-08.d hipaa-1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance hipaa 1816.08d2Organizational.4-08.d hipaa-1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 1816.08d2Organizational.4-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1817.08d3Organizational.12-08.d hipaa-1817.08d3Organizational.12-08.d 1817.08d3Organizational.12-08.d 1817.08d3Organizational.12-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1818.08d3Organizational.3-08.d hipaa-1818.08d3Organizational.3-08.d 1818.08d3Organizational.3-08.d 1818.08d3Organizational.3-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance hipaa 1818.08d3Organizational.3-08.d hipaa-1818.08d3Organizational.3-08.d 1818.08d3Organizational.3-08.d 1818.08d3Organizational.3-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1818.08d3Organizational.3-08.d hipaa-1818.08d3Organizational.3-08.d 1818.08d3Organizational.3-08.d 1818.08d3Organizational.3-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1819.08j1Organizational.23-08.j hipaa-1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 1819.08j1Organizational.23-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1820.08j2Organizational.1-08.j hipaa-1820.08j2Organizational.1-08.j 1820.08j2Organizational.1-08.j 1820.08j2Organizational.1-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 1820.08j2Organizational.1-08.j hipaa-1820.08j2Organizational.1-08.j 1820.08j2Organizational.1-08.j 1820.08j2Organizational.1-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance hipaa 1821.08j2Organizational.3-08.j hipaa-1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance hipaa 1821.08j2Organizational.3-08.j hipaa-1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 1821.08j2Organizational.3-08.j hipaa-1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1821.08j2Organizational.3-08.j hipaa-1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 1821.08j2Organizational.3-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 1822.08j2Organizational.2-08.j hipaa-1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1822.08j2Organizational.2-08.j hipaa-1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance hipaa 1822.08j2Organizational.2-08.j hipaa-1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance hipaa 1822.08j2Organizational.2-08.j hipaa-1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 1822.08j2Organizational.2-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1823.08j3Organizational.12-08.j hipaa-1823.08j3Organizational.12-08.j 1823.08j3Organizational.12-08.j 1823.08j3Organizational.12-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 1823.08j3Organizational.12-08.j hipaa-1823.08j3Organizational.12-08.j 1823.08j3Organizational.12-08.j 1823.08j3Organizational.12-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance hipaa 1824.08j3Organizational.3-08.j hipaa-1824.08j3Organizational.3-08.j 1824.08j3Organizational.3-08.j 1824.08j3Organizational.3-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance hipaa 1824.08j3Organizational.3-08.j hipaa-1824.08j3Organizational.3-08.j 1824.08j3Organizational.3-08.j 1824.08j3Organizational.3-08.j 08.02 Equipment Security HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 1826.09p1Organizational.1-09.p hipaa-1826.09p1Organizational.1-09.p 1826.09p1Organizational.1-09.p 1826.09p1Organizational.1-09.p 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 1826.09p1Organizational.1-09.p hipaa-1826.09p1Organizational.1-09.p 1826.09p1Organizational.1-09.p 1826.09p1Organizational.1-09.p 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 1826.09p1Organizational.1-09.p hipaa-1826.09p1Organizational.1-09.p 1826.09p1Organizational.1-09.p 1826.09p1Organizational.1-09.p 09.07 Media Handling HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1844.08b1Organizational.6-08.b hipaa-1844.08b1Organizational.6-08.b 1844.08b1Organizational.6-08.b 1844.08b1Organizational.6-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1845.08b1Organizational.7-08.b hipaa-1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1845.08b1Organizational.7-08.b hipaa-1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance hipaa 1845.08b1Organizational.7-08.b hipaa-1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 1845.08b1Organizational.7-08.b hipaa-1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 1845.08b1Organizational.7-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance hipaa 1846.08b2Organizational.8-08.b hipaa-1846.08b2Organizational.8-08.b 1846.08b2Organizational.8-08.b 1846.08b2Organizational.8-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1847.08b2Organizational.910-08.b hipaa-1847.08b2Organizational.910-08.b 1847.08b2Organizational.910-08.b 1847.08b2Organizational.910-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 1847.08b2Organizational.910-08.b hipaa-1847.08b2Organizational.910-08.b 1847.08b2Organizational.910-08.b 1847.08b2Organizational.910-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1848.08b2Organizational.11-08.b hipaa-1848.08b2Organizational.11-08.b 1848.08b2Organizational.11-08.b 1848.08b2Organizational.11-08.b 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance hipaa 1862.08d1Organizational.3-08.d hipaa-1862.08d1Organizational.3-08.d 1862.08d1Organizational.3-08.d 1862.08d1Organizational.3-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance hipaa 1862.08d1Organizational.3-08.d hipaa-1862.08d1Organizational.3-08.d 1862.08d1Organizational.3-08.d 1862.08d1Organizational.3-08.d 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance hipaa 1862.08d3Organizational.3 hipaa-1862.08d3Organizational.3 1862.08d3Organizational.3 1862.08d3Organizational.3 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance hipaa 1862.08d3Organizational.3 hipaa-1862.08d3Organizational.3 1862.08d3Organizational.3 1862.08d3Organizational.3 08.01 Secure Areas HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance hipaa 1892.01l1Organizational.1 hipaa-1892.01l1Organizational.1 1892.01l1Organizational.1 1892.01l1Organizational.1 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance hipaa 1892.01l1Organizational.1 hipaa-1892.01l1Organizational.1 1892.01l1Organizational.1 1892.01l1Organizational.1 01.04 Network Access Control HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 1901.06d1Organizational.1-06.d hipaa-1901.06d1Organizational.1-06.d 1901.06d1Organizational.1-06.d 1901.06d1Organizational.1-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 1901.06d1Organizational.1-06.d hipaa-1901.06d1Organizational.1-06.d 1901.06d1Organizational.1-06.d 1901.06d1Organizational.1-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance hipaa 1901.06d1Organizational.1-06.d hipaa-1901.06d1Organizational.1-06.d 1901.06d1Organizational.1-06.d 1901.06d1Organizational.1-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 Keep accurate accounting of disclosures of information Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
75b9db50-7906-2351-98ae-0458218609e5 Retain accounting of disclosures of information Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
d4f70530-19a2-2a85-6e0c-0c3c465e3325 Make accounting of disclosures available upon request Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance hipaa 1903.06d1Organizational.3456711-06.d hipaa-1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance hipaa 1903.06d1Organizational.3456711-06.d hipaa-1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance hipaa 1903.06d1Organizational.3456711-06.d hipaa-1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance hipaa 1903.06d1Organizational.3456711-06.d hipaa-1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance hipaa 1903.06d1Organizational.3456711-06.d hipaa-1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 1903.06d1Organizational.3456711-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 1904.06.d2Organizational.1-06.d hipaa-1904.06.d2Organizational.1-06.d 1904.06.d2Organizational.1-06.d 1904.06.d2Organizational.1-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 1904.06.d2Organizational.1-06.d hipaa-1904.06.d2Organizational.1-06.d 1904.06.d2Organizational.1-06.d 1904.06.d2Organizational.1-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 1904.06.d2Organizational.1-06.d hipaa-1904.06.d2Organizational.1-06.d 1904.06.d2Organizational.1-06.d 1904.06.d2Organizational.1-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5023a9e7-8e64-2db6-31dc-7bce27f796af Provide privacy notice to the public and to individuals Regulatory Compliance hipaa 1906.06.c1Organizational.2-06.c hipaa-1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
898a5781-2254-5a37-34c7-d78ea7c20d55 Publish SORNs for systems containing PII Regulatory Compliance hipaa 1906.06.c1Organizational.2-06.c hipaa-1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
95eb7d09-9937-5df9-11d9-20317e3f60df Provide formal notice to individuals Regulatory Compliance hipaa 1906.06.c1Organizational.2-06.c hipaa-1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f3c17714-8ce7-357f-4af2-a0baa63a063f Make SORNs available publicly Regulatory Compliance hipaa 1906.06.c1Organizational.2-06.c hipaa-1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 1906.06.c1Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
898a5781-2254-5a37-34c7-d78ea7c20d55 Publish SORNs for systems containing PII Regulatory Compliance hipaa 1907.06.c1Organizational.3-06.c hipaa-1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
95eb7d09-9937-5df9-11d9-20317e3f60df Provide formal notice to individuals Regulatory Compliance hipaa 1907.06.c1Organizational.3-06.c hipaa-1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3bd4e0af-7cbb-a3ec-4918-056a3c017ae2 Keep SORNs updated Regulatory Compliance hipaa 1907.06.c1Organizational.3-06.c hipaa-1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f3c17714-8ce7-357f-4af2-a0baa63a063f Make SORNs available publicly Regulatory Compliance hipaa 1907.06.c1Organizational.3-06.c hipaa-1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 1907.06.c1Organizational.3-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
898a5781-2254-5a37-34c7-d78ea7c20d55 Publish SORNs for systems containing PII Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
3bd4e0af-7cbb-a3ec-4918-056a3c017ae2 Keep SORNs updated Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
f3c17714-8ce7-357f-4af2-a0baa63a063f Make SORNs available publicly Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
95eb7d09-9937-5df9-11d9-20317e3f60df Provide formal notice to individuals Regulatory Compliance hipaa 1908.06.c1Organizational.4-06.c hipaa-1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
94c842e3-8098-38f9-6d3f-8872b790527d Remove or redact any PII Regulatory Compliance hipaa 1911.06d1Organizational.13-06.d hipaa-1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 1911.06d1Organizational.13-06.d hipaa-1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance hipaa 1911.06d1Organizational.13-06.d hipaa-1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance hipaa 1911.06d1Organizational.13-06.d hipaa-1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance hipaa 1911.06d1Organizational.13-06.d hipaa-1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 1911.06d1Organizational.13-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 05.02 External Parties HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance hipaa 19141.06c1Organizational.7-06.c hipaa-19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 19141.06c1Organizational.7-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 19142.06c1Organizational.8-06.c hipaa-19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 19142.06c1Organizational.8-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance hipaa 19143.06c1Organizational.9-06.c hipaa-19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance hipaa 19143.06c1Organizational.9-06.c hipaa-19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 19143.06c1Organizational.9-06.c hipaa-19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance hipaa 19143.06c1Organizational.9-06.c hipaa-19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance hipaa 19143.06c1Organizational.9-06.c hipaa-19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance hipaa 19143.06c1Organizational.9-06.c hipaa-19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 19143.06c1Organizational.9-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 19144.06c2Organizational.1-06.c hipaa-19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 19144.06c2Organizational.1-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance hipaa 19145.06c2Organizational.2-06.c hipaa-19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 19145.06c2Organizational.2-06.c 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 19242.06d1Organizational.14-06.d hipaa-19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance hipaa 19242.06d1Organizational.14-06.d hipaa-19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance hipaa 19242.06d1Organizational.14-06.d hipaa-19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
94c842e3-8098-38f9-6d3f-8872b790527d Remove or redact any PII Regulatory Compliance hipaa 19242.06d1Organizational.14-06.d hipaa-19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 19242.06d1Organizational.14-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b9d45adb-471b-56a5-64d2-5b241f126174 Automate privacy controls Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
94c842e3-8098-38f9-6d3f-8872b790527d Remove or redact any PII Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance hipaa 19243.06d1Organizational.15-06.d hipaa-19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 Issue guidelines for ensuring data quality and integrity Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
cdcb825f-a0fb-31f9-29c1-ab566718499a Publish Computer Matching Agreements on public website Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
8bb40df9-23e4-4175-5db3-8dba86349b73 Confirm quality and integrity of PII Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance hipaa 19245.06d2Organizational.2-06.d hipaa-19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 19245.06d2Organizational.2-06.d 06.01 Compliance with Legal Requirements HITRUST/HIPAA (a169a624-5599-4385-a696-c8d643089fab)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service IRS_1075_9.3 .1.12 IRS_1075_9.3.1.12 IRS 1075 9.3.1.12 Remote Access (AC-17) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL IRS_1075_9.3 .1.2 IRS_1075_9.3.1.2 IRS 1075 9.3.1.2 Account Management (AC-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service IRS_1075_9.3 .1.4 IRS_1075_9.3.1.4 IRS 1075 9.3.1.4 Information Flow Enforcement (AC-4) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center IRS_1075_9.3 .1.5 IRS_1075_9.3.1.5 IRS 1075 9.3.1.5 Separation of Duties (AC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration IRS_1075_9.3 .1.6 IRS_1075_9.3.1.6 IRS 1075 9.3.1.6 Least Privilege (AC-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center IRS_1075_9.3 .14.3 IRS_1075_9.3.14.3 IRS 1075 9.3.14.3 Vulnerability Scanning (RA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center IRS_1075_9.3 .14.3 IRS_1075_9.3.14.3 IRS 1075 9.3.14.3 Vulnerability Scanning (RA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center IRS_1075_9.3 .14.3 IRS_1075_9.3.14.3 IRS 1075 9.3.14.3 Vulnerability Scanning (RA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center IRS_1075_9.3 .14.3 IRS_1075_9.3.14.3 IRS 1075 9.3.14.3 Vulnerability Scanning (RA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL IRS_1075_9.3 .14.3 IRS_1075_9.3.14.3 IRS 1075 9.3.14.3 Vulnerability Scanning (RA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL IRS_1075_9.3 .14.3 IRS_1075_9.3.14.3 IRS 1075 9.3.14.3 Vulnerability Scanning (RA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL IRS_1075_9.3 .16.15 IRS_1075_9.3.16.15 IRS 1075 9.3.16.15 Protection of Information at Rest (SC-28) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL IRS_1075_9.3 .16.15 IRS_1075_9.3.16.15 IRS 1075 9.3.16.15 Protection of Information at Rest (SC-28) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL IRS_1075_9.3 .16.15 IRS_1075_9.3.16.15 IRS 1075 9.3.16.15 Protection of Information at Rest (SC-28) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center IRS_1075_9.3 .16.4 IRS_1075_9.3.16.4 IRS 1075 9.3.16.4 Denial of Service Protection (SC-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center IRS_1075_9.3 .16.5 IRS_1075_9.3.16.5 IRS 1075 9.3.16.5 Boundary Protection (SC-7) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage IRS_1075_9.3 .16.5 IRS_1075_9.3.16.5 IRS 1075 9.3.16.5 Boundary Protection (SC-7) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center IRS_1075_9.3 .16.5 IRS_1075_9.3.16.5 IRS 1075 9.3.16.5 Boundary Protection (SC-7) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center IRS_1075_9.3 .16.5 IRS_1075_9.3.16.5 IRS 1075 9.3.16.5 Boundary Protection (SC-7) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage IRS_1075_9.3 .16.6 IRS_1075_9.3.16.6 IRS 1075 9.3.16.6 Transmission Confidentiality and Integrity (SC-8) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center IRS_1075_9.3 .17.2 IRS_1075_9.3.17.2 IRS 1075 9.3.17.2 Flaw Remediation (SI-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center IRS_1075_9.3 .17.2 IRS_1075_9.3.17.2 IRS 1075 9.3.17.2 Flaw Remediation (SI-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center IRS_1075_9.3 .17.2 IRS_1075_9.3.17.2 IRS 1075 9.3.17.2 Flaw Remediation (SI-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center IRS_1075_9.3 .17.2 IRS_1075_9.3.17.2 IRS 1075 9.3.17.2 Flaw Remediation (SI-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center IRS_1075_9.3 .17.2 IRS_1075_9.3.17.2 IRS 1075 9.3.17.2 Flaw Remediation (SI-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center IRS_1075_9.3 .17.2 IRS_1075_9.3.17.2 IRS 1075 9.3.17.2 Flaw Remediation (SI-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center IRS_1075_9.3 .17.3 IRS_1075_9.3.17.3 IRS 1075 9.3.17.3 Malicious Code Protection (SI-3) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center IRS_1075_9.3 .17.3 IRS_1075_9.3.17.3 IRS 1075 9.3.17.3 Malicious Code Protection (SI-3) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL IRS_1075_9.3 .17.4 IRS_1075_9.3.17.4 IRS 1075 9.3.17.4 Information System Monitoring (SI-4) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL IRS_1075_9.3 .17.4 IRS_1075_9.3.17.4 IRS 1075 9.3.17.4 Information System Monitoring (SI-4) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring IRS_1075_9.3 .17.4 IRS_1075_9.3.17.4 IRS 1075 9.3.17.4 Information System Monitoring (SI-4) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring IRS_1075_9.3 .17.4 IRS_1075_9.3.17.4 IRS 1075 9.3.17.4 Information System Monitoring (SI-4) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring IRS_1075_9.3 .17.4 IRS_1075_9.3.17.4 IRS 1075 9.3.17.4 Information System Monitoring (SI-4) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL IRS_1075_9.3 .3.11 IRS_1075_9.3.3.11 IRS 1075 9.3.3.11 Audit Generation (AU-12) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring IRS_1075_9.3 .3.3 IRS_1075_9.3.3.3 IRS 1075 9.3.3.3 Content of Audit Records (AU-3) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring IRS_1075_9.3 .3.3 IRS_1075_9.3.3.3 IRS 1075 9.3.3.3 Content of Audit Records (AU-3) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring IRS_1075_9.3 .3.3 IRS_1075_9.3.3.3 IRS 1075 9.3.3.3 Content of Audit Records (AU-3) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring IRS_1075_9.3 .3.5 IRS_1075_9.3.3.5 IRS 1075 9.3.3.5 Response to Audit Processing Failures (AU-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL IRS_1075_9.3 .3.5 IRS_1075_9.3.3.5 IRS 1075 9.3.3.5 Response to Audit Processing Failures (AU-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL IRS_1075_9.3 .3.5 IRS_1075_9.3.3.5 IRS 1075 9.3.3.5 Response to Audit Processing Failures (AU-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL IRS_1075_9.3 .3.5 IRS_1075_9.3.3.5 IRS 1075 9.3.3.5 Response to Audit Processing Failures (AU-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring IRS_1075_9.3 .3.6 IRS_1075_9.3.3.6 IRS 1075 9.3.3.6 Audit Review, Analysis, and Reporting (AU-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring IRS_1075_9.3 .3.6 IRS_1075_9.3.3.6 IRS 1075 9.3.3.6 Audit Review, Analysis, and Reporting (AU-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring IRS_1075_9.3 .3.6 IRS_1075_9.3.3.6 IRS 1075 9.3.3.6 Audit Review, Analysis, and Reporting (AU-6) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center IRS_1075_9.3 .5.11 IRS_1075_9.3.5.11 IRS 1075 9.3.5.11 User-Installed Software (CM-11) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center IRS_1075_9.3 .5.7 IRS_1075_9.3.5.7 IRS 1075 9.3.5.7 Least Functionality (CM-7) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute IRS_1075_9.3 .6.6 IRS_1075_9.3.6.6 IRS 1075 9.3.6.6 Alternate Processing Site (CP-7) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center IRS_1075_9.3 .7.2 IRS_1075_9.3.7.2 IRS 1075 9.3.7.2 Identification and Authentication (Organizational Users) (IA-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center IRS_1075_9.3 .7.2 IRS_1075_9.3.7.2 IRS 1075 9.3.7.2 Identification and Authentication (Organizational Users) (IA-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center IRS_1075_9.3 .7.2 IRS_1075_9.3.7.2 IRS 1075 9.3.7.2 Identification and Authentication (Organizational Users) (IA-2) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration IRS_1075_9.3 .7.5 IRS_1075_9.3.7.5 IRS 1075 9.3.7.5 Authenticator Management (IA-5) IRS1075 September 2016 (105e0327-6175-4eb2-9af4-1fba43bdb39d)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service ISO27001-2013 A.10.1.1 ISO27001-2013_A.10.1.1 ISO 27001:2013 A.10.1.1 Policy on the use of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance ISO27001-2013 A.10.1.2 ISO27001-2013_A.10.1.2 ISO 27001:2013 A.10.1.2 Key Management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.1.1 ISO27001-2013_A.11.1.1 ISO 27001:2013 A.11.1.1 Physical security perimeter ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance ISO27001-2013 A.11.1.2 ISO27001-2013_A.11.1.2 ISO 27001:2013 A.11.1.2 Physical entry controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance ISO27001-2013 A.11.1.3 ISO27001-2013_A.11.1.3 ISO 27001:2013 A.11.1.3 Securing offices, rooms and facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.1.3 ISO27001-2013_A.11.1.3 ISO 27001:2013 A.11.1.3 Securing offices, rooms and facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.11.1.3 ISO27001-2013_A.11.1.3 ISO 27001:2013 A.11.1.3 Securing offices, rooms and facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance ISO27001-2013 A.11.1.3 ISO27001-2013_A.11.1.3 ISO 27001:2013 A.11.1.3 Securing offices, rooms and facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.11.1.3 ISO27001-2013_A.11.1.3 ISO 27001:2013 A.11.1.3 Securing offices, rooms and facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Protecting against external and environmental threats ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.11.1.5 ISO27001-2013_A.11.1.5 ISO 27001:2013 A.11.1.5 Working in secure areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.11.1.5 ISO27001-2013_A.11.1.5 ISO 27001:2013 A.11.1.5 Working in secure areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.11.1.5 ISO27001-2013_A.11.1.5 ISO 27001:2013 A.11.1.5 Working in secure areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance ISO27001-2013 A.11.1.6 ISO27001-2013_A.11.1.6 ISO 27001:2013 A.11.1.6 Delivering and loading areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance ISO27001-2013 A.11.1.6 ISO27001-2013_A.11.1.6 ISO 27001:2013 A.11.1.6 Delivering and loading areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance ISO27001-2013 A.11.1.6 ISO27001-2013_A.11.1.6 ISO 27001:2013 A.11.1.6 Delivering and loading areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance ISO27001-2013 A.11.1.6 ISO27001-2013_A.11.1.6 ISO 27001:2013 A.11.1.6 Delivering and loading areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.11.1.6 ISO27001-2013_A.11.1.6 ISO 27001:2013 A.11.1.6 Delivering and loading areas ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.2.1 ISO27001-2013_A.11.2.1 ISO 27001:2013 A.11.2.1 Equipment siting and protection ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.2.2 ISO27001-2013_A.11.2.2 ISO 27001:2013 A.11.2.2 Supporting utilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance ISO27001-2013 A.11.2.2 ISO27001-2013_A.11.2.2 ISO 27001:2013 A.11.2.2 Supporting utilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance ISO27001-2013 A.11.2.2 ISO27001-2013_A.11.2.2 ISO 27001:2013 A.11.2.2 Supporting utilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.11.2.3 ISO27001-2013_A.11.2.3 ISO 27001:2013 A.11.2.3 Cabling security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.11.2.3 ISO27001-2013_A.11.2.3 ISO 27001:2013 A.11.2.3 Cabling security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.11.2.3 ISO27001-2013_A.11.2.3 ISO 27001:2013 A.11.2.3 Cabling security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance ISO27001-2013 A.11.2.3 ISO27001-2013_A.11.2.3 ISO 27001:2013 A.11.2.3 Cabling security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.11.2.4 ISO27001-2013_A.11.2.4 ISO 27001:2013 A.11.2.4 Equipment maintenance ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance ISO27001-2013 A.11.2.5 ISO27001-2013_A.11.2.5 ISO 27001:2013 A.11.2.5 Removal of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance ISO27001-2013 A.11.2.5 ISO27001-2013_A.11.2.5 ISO 27001:2013 A.11.2.5 Removal of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance ISO27001-2013 A.11.2.5 ISO27001-2013_A.11.2.5 ISO 27001:2013 A.11.2.5 Removal of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.11.2.5 ISO27001-2013_A.11.2.5 ISO 27001:2013 A.11.2.5 Removal of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.11.2.5 ISO27001-2013_A.11.2.5 ISO 27001:2013 A.11.2.5 Removal of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance ISO27001-2013 A.11.2.5 ISO27001-2013_A.11.2.5 ISO 27001:2013 A.11.2.5 Removal of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance ISO27001-2013 A.11.2.6 ISO27001-2013_A.11.2.6 ISO 27001:2013 A.11.2.6 Security of equipment and assets off-premises ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 A.11.2.7 ISO27001-2013_A.11.2.7 ISO 27001:2013 A.11.2.7 Secure disposal or re-use of equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance ISO27001-2013 A.11.2.7 ISO27001-2013_A.11.2.7 ISO 27001:2013 A.11.2.7 Secure disposal or re-use of equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance ISO27001-2013 A.11.2.7 ISO27001-2013_A.11.2.7 ISO 27001:2013 A.11.2.7 Secure disposal or re-use of equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.11.2.7 ISO27001-2013_A.11.2.7 ISO 27001:2013 A.11.2.7 Secure disposal or re-use of equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.11.2.7 ISO27001-2013_A.11.2.7 ISO 27001:2013 A.11.2.7 Secure disposal or re-use of equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance ISO27001-2013 A.11.2.8 ISO27001-2013_A.11.2.8 ISO 27001:2013 A.11.2.8 Unattended user equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.11.2.8 ISO27001-2013_A.11.2.8 ISO 27001:2013 A.11.2.8 Unattended user equipment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.11.2.9 ISO27001-2013_A.11.2.9 ISO 27001:2013 A.11.2.9 Clear desk and clear screen policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.11.2.9 ISO27001-2013_A.11.2.9 ISO 27001:2013 A.11.2.9 Clear desk and clear screen policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.11.2.9 ISO27001-2013_A.11.2.9 ISO 27001:2013 A.11.2.9 Clear desk and clear screen policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance ISO27001-2013 A.12.1.1 ISO27001-2013_A.12.1.1 ISO 27001:2013 A.12.1.1 Documented operating procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 A.12.1.2 ISO27001-2013_A.12.1.2 ISO 27001:2013 A.12.1.2 Change management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance ISO27001-2013 A.12.1.3 ISO27001-2013_A.12.1.3 ISO 27001:2013 A.12.1.3 Capacity management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance ISO27001-2013 A.12.1.3 ISO27001-2013_A.12.1.3 ISO 27001:2013 A.12.1.3 Capacity management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
834b7a4a-83ab-2188-1a26-9c5033d8173b Incorporate security and data privacy practices in research processing Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cf79f602-1e60-5423-6c0c-e632c2ea1fc0 Implement controls to protect PII Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.12.1.4 ISO27001-2013_A.12.1.4 ISO 27001:2013 A.12.1.4 Separation of development, testing and operational environments ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance ISO27001-2013 A.12.2.1 ISO27001-2013_A.12.2.1 ISO 27001:2013 A.12.2.1 Controls against malware ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Information backup ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ad1d562b-a04b-15d3-6770-ed310b601cb5 Publish rules and regulations accessing Privacy Act records Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2c723e8-a1a0-8e38-5cf1-f5a20ffe4f51 Publish access procedures in SORNs Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e Implement methods for consumer requests Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Event Logging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance ISO27001-2013 A.12.4.2 ISO27001-2013_A.12.4.2 ISO 27001:2013 A.12.4.2 Protection of log information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance ISO27001-2013 A.12.4.3 ISO27001-2013_A.12.4.3 ISO 27001:2013 A.12.4.3 Administrator and operator logs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring ISO27001-2013 A.12.4.4 ISO27001-2013_A.12.4.4 ISO 27001:2013 A.12.4.4 Clock Synchronization ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 A.12.5.1 ISO27001-2013_A.12.5.1 ISO 27001:2013 A.12.5.1 Installation of software on operational systems ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.12.6.1 ISO27001-2013_A.12.6.1 ISO 27001:2013 A.12.6.1 Management of technical vulnerabilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 A.12.6.2 ISO27001-2013_A.12.6.2 ISO 27001:2013 A.12.6.2 Restrictions on software installation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance ISO27001-2013 A.12.7.1 ISO27001-2013_A.12.7.1 ISO 27001:2013 A.12.7.1 Information systems audit controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance ISO27001-2013 A.13.1.1 ISO27001-2013_A.13.1.1 ISO 27001:2013 A.13.1.1 Network controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance ISO27001-2013 A.13.1.2 ISO27001-2013_A.13.1.2 ISO 27001:2013 A.13.1.2 Security of network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.13.1.3 ISO27001-2013_A.13.1.3 ISO 27001:2013 A.13.1.3 Segregation of networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.13.2.1 ISO27001-2013_A.13.2.1 ISO 27001:2013 A.13.2.1 Information transfer policies and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance ISO27001-2013 A.13.2.2 ISO27001-2013_A.13.2.2 ISO 27001:2013 A.13.2.2 Agreements on information transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.13.2.3 ISO27001-2013_A.13.2.3 ISO 27001:2013 A.13.2.3 Electronic messaging ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance ISO27001-2013 A.13.2.4 ISO27001-2013_A.13.2.4 ISO 27001:2013 A.13.2.4 Confidentiality or non-disclosure agreements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.14.1.1 ISO27001-2013_A.14.1.1 ISO 27001:2013 A.14.1.1 Information security requirements analysis and specification ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.14.1.2 ISO27001-2013_A.14.1.2 ISO 27001:2013 A.14.1.2 Securing application services on public networks ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance ISO27001-2013 A.14.1.3 ISO27001-2013_A.14.1.3 ISO 27001:2013 A.14.1.3 Protecting application services transactions ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance ISO27001-2013 A.14.2.1 ISO27001-2013_A.14.2.1 ISO 27001:2013 A.14.2.1 Secure development policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.2.2 ISO27001-2013_A.14.2.2 ISO 27001:2013 A.14.2.2 System change control procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 A.14.2.3 ISO27001-2013_A.14.2.3 ISO 27001:2013 A.14.2.3 Technical review of applications after operating platform changes ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 A.14.2.4 ISO27001-2013_A.14.2.4 ISO 27001:2013 A.14.2.4 Restrictions on changes to software packages ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance ISO27001-2013 A.14.2.5 ISO27001-2013_A.14.2.5 ISO 27001:2013 A.14.2.5 Secure system engineering principles ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance ISO27001-2013 A.14.2.5 ISO27001-2013_A.14.2.5 ISO 27001:2013 A.14.2.5 Secure system engineering principles ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance ISO27001-2013 A.14.2.5 ISO27001-2013_A.14.2.5 ISO 27001:2013 A.14.2.5 Secure system engineering principles ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance ISO27001-2013 A.14.2.5 ISO27001-2013_A.14.2.5 ISO 27001:2013 A.14.2.5 Secure system engineering principles ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance ISO27001-2013 A.14.2.5 ISO27001-2013_A.14.2.5 ISO 27001:2013 A.14.2.5 Secure system engineering principles ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.14.2.6 ISO27001-2013_A.14.2.6 ISO 27001:2013 A.14.2.6 Secure development environment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance ISO27001-2013 A.14.2.7 ISO27001-2013_A.14.2.7 ISO 27001:2013 A.14.2.7 Outsourced development ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 A.14.2.8 ISO27001-2013_A.14.2.8 ISO 27001:2013 A.14.2.8 System security testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.14.2.9 ISO27001-2013_A.14.2.9 ISO 27001:2013 A.14.2.9 System acceptance testing ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance ISO27001-2013 A.14.3.1 ISO27001-2013_A.14.3.1 ISO 27001:2013 A.14.3.1 Protection of test data ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance ISO27001-2013 A.15.1.1 ISO27001-2013_A.15.1.1 ISO 27001:2013 A.15.1.1 Information security policy for supplier relationships ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance ISO27001-2013 A.15.1.1 ISO27001-2013_A.15.1.1 ISO 27001:2013 A.15.1.1 Information security policy for supplier relationships ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance ISO27001-2013 A.15.1.1 ISO27001-2013_A.15.1.1 ISO 27001:2013 A.15.1.1 Information security policy for supplier relationships ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.15.1.1 ISO27001-2013_A.15.1.1 ISO 27001:2013 A.15.1.1 Information security policy for supplier relationships ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.15.1.1 ISO27001-2013_A.15.1.1 ISO 27001:2013 A.15.1.1 Information security policy for supplier relationships ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.15.1.1 ISO27001-2013_A.15.1.1 ISO 27001:2013 A.15.1.1 Information security policy for supplier relationships ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.15.1.2 ISO27001-2013_A.15.1.2 ISO 27001:2013 A.15.1.2 Addressing security within supplier agreement ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance ISO27001-2013 A.15.1.3 ISO27001-2013_A.15.1.3 ISO 27001:2013 A.15.1.3 Information and communication technology supply chain ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance ISO27001-2013 A.15.1.3 ISO27001-2013_A.15.1.3 ISO 27001:2013 A.15.1.3 Information and communication technology supply chain ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance ISO27001-2013 A.15.1.3 ISO27001-2013_A.15.1.3 ISO 27001:2013 A.15.1.3 Information and communication technology supply chain ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.15.1.3 ISO27001-2013_A.15.1.3 ISO 27001:2013 A.15.1.3 Information and communication technology supply chain ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.15.2.1 ISO27001-2013_A.15.2.1 ISO 27001:2013 A.15.2.1 Monitoring and review of supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.15.2.1 ISO27001-2013_A.15.2.1 ISO 27001:2013 A.15.2.1 Monitoring and review of supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.15.2.1 ISO27001-2013_A.15.2.1 ISO 27001:2013 A.15.2.1 Monitoring and review of supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.15.2.1 ISO27001-2013_A.15.2.1 ISO 27001:2013 A.15.2.1 Monitoring and review of supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.15.2.2 ISO27001-2013_A.15.2.2 ISO 27001:2013 A.15.2.2 Managing changes to supplier services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.16.1.1 ISO27001-2013_A.16.1.1 ISO 27001:2013 A.16.1.1 Responsibilities and procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance ISO27001-2013 A.16.1.2 ISO27001-2013_A.16.1.2 ISO 27001:2013 A.16.1.2 Reporting information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance ISO27001-2013 A.16.1.3 ISO27001-2013_A.16.1.3 ISO 27001:2013 A.16.1.3 Reporting information security weaknesses ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance ISO27001-2013 A.16.1.3 ISO27001-2013_A.16.1.3 ISO 27001:2013 A.16.1.3 Reporting information security weaknesses ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance ISO27001-2013 A.16.1.3 ISO27001-2013_A.16.1.3 ISO 27001:2013 A.16.1.3 Reporting information security weaknesses ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 A.16.1.3 ISO27001-2013_A.16.1.3 ISO 27001:2013 A.16.1.3 Reporting information security weaknesses ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance ISO27001-2013 A.16.1.4 ISO27001-2013_A.16.1.4 ISO 27001:2013 A.16.1.4 Assessment of and decision on information security events ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance ISO27001-2013 A.16.1.5 ISO27001-2013_A.16.1.5 ISO 27001:2013 A.16.1.5 Response to information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance ISO27001-2013 A.16.1.6 ISO27001-2013_A.16.1.6 ISO 27001:2013 A.16.1.6 Learning from information security incidents ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 A.16.1.7 ISO27001-2013_A.16.1.7 ISO 27001:2013 A.16.1.7 Collection of evidence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance ISO27001-2013 A.17.1.1 ISO27001-2013_A.17.1.1 ISO 27001:2013 A.17.1.1 Planning information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Implementing information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance ISO27001-2013 A.17.1.3 ISO27001-2013_A.17.1.3 ISO 27001:2013 A.17.1.3 Verify, review and evaluate information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance ISO27001-2013 A.17.1.3 ISO27001-2013_A.17.1.3 ISO 27001:2013 A.17.1.3 Verify, review and evaluate information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance ISO27001-2013 A.17.1.3 ISO27001-2013_A.17.1.3 ISO 27001:2013 A.17.1.3 Verify, review and evaluate information security continuity ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Availability of information processing facilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Identification applicable legislation and contractual requirements ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance ISO27001-2013 A.18.1.2 ISO27001-2013_A.18.1.2 ISO 27001:2013 A.18.1.2 Intellectual property rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance ISO27001-2013 A.18.1.2 ISO27001-2013_A.18.1.2 ISO 27001:2013 A.18.1.2 Intellectual property rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance ISO27001-2013 A.18.1.3 ISO27001-2013_A.18.1.3 ISO 27001:2013 A.18.1.3 Protection of records ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance ISO27001-2013 A.18.1.4 ISO27001-2013_A.18.1.4 ISO 27001:2013 A.18.1.4 Privacy and protection of personally identifiable information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.18.1.4 ISO27001-2013_A.18.1.4 ISO 27001:2013 A.18.1.4 Privacy and protection of personally identifiable information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance ISO27001-2013 A.18.1.4 ISO27001-2013_A.18.1.4 ISO 27001:2013 A.18.1.4 Privacy and protection of personally identifiable information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 A.18.1.4 ISO27001-2013_A.18.1.4 ISO 27001:2013 A.18.1.4 Privacy and protection of personally identifiable information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance ISO27001-2013 A.18.1.4 ISO27001-2013_A.18.1.4 ISO 27001:2013 A.18.1.4 Privacy and protection of personally identifiable information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.18.1.4 ISO27001-2013_A.18.1.4 ISO 27001:2013 A.18.1.4 Privacy and protection of personally identifiable information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance ISO27001-2013 A.18.1.5 ISO27001-2013_A.18.1.5 ISO 27001:2013 A.18.1.5 Regulation of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance ISO27001-2013 A.18.1.5 ISO27001-2013_A.18.1.5 ISO 27001:2013 A.18.1.5 Regulation of cryptographic controls ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance ISO27001-2013 A.18.2.1 ISO27001-2013_A.18.2.1 ISO 27001:2013 A.18.2.1 Independent review of information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 A.18.2.1 ISO27001-2013_A.18.2.1 ISO 27001:2013 A.18.2.1 Independent review of information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance with security policies and standards ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance ISO27001-2013 A.18.2.3 ISO27001-2013_A.18.2.3 ISO 27001:2013 A.18.2.3 Technical compliance review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 A.18.2.3 ISO27001-2013_A.18.2.3 ISO 27001:2013 A.18.2.3 Technical compliance review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 A.18.2.3 ISO27001-2013_A.18.2.3 ISO 27001:2013 A.18.2.3 Technical compliance review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance ISO27001-2013 A.18.2.3 ISO27001-2013_A.18.2.3 ISO 27001:2013 A.18.2.3 Technical compliance review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance ISO27001-2013 A.18.2.3 ISO27001-2013_A.18.2.3 ISO 27001:2013 A.18.2.3 Technical compliance review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Review of the policies for information security ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eab4450d-9e5c-4f38-0656-2ff8c78c83f3 Document and implement privacy complaint procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8b077bff-516f-3983-6c42-c86e9a11868b Designate individuals to fulfill specific roles and responsibilities Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6baae474-434f-2e91-7163-a72df30c4847 Manage security state of information systems Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Information security roles and responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance ISO27001-2013 A.6.1.2 ISO27001-2013_A.6.1.2 ISO 27001:2013 A.6.1.2 Segregation of Duties ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance ISO27001-2013 A.6.1.2 ISO27001-2013_A.6.1.2 ISO 27001:2013 A.6.1.2 Segregation of Duties ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance ISO27001-2013 A.6.1.2 ISO27001-2013_A.6.1.2 ISO 27001:2013 A.6.1.2 Segregation of Duties ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center ISO27001-2013 A.6.1.2 ISO27001-2013_A.6.1.2 ISO 27001:2013 A.6.1.2 Segregation of Duties ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center ISO27001-2013 A.6.1.2 ISO27001-2013_A.6.1.2 ISO 27001:2013 A.6.1.2 Segregation of Duties ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance ISO27001-2013 A.6.1.3 ISO27001-2013_A.6.1.3 ISO 27001:2013 A.6.1.3 Contact with authorities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.6.1.3 ISO27001-2013_A.6.1.3 ISO 27001:2013 A.6.1.3 Contact with authorities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.6.1.4 ISO27001-2013_A.6.1.4 ISO 27001:2013 A.6.1.4 Contact with special interest groups ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance ISO27001-2013 A.6.1.4 ISO27001-2013_A.6.1.4 ISO 27001:2013 A.6.1.4 Contact with special interest groups ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance ISO27001-2013 A.6.1.4 ISO27001-2013_A.6.1.4 ISO 27001:2013 A.6.1.4 Contact with special interest groups ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance ISO27001-2013 A.6.1.4 ISO27001-2013_A.6.1.4 ISO 27001:2013 A.6.1.4 Contact with special interest groups ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance ISO27001-2013 A.6.1.4 ISO27001-2013_A.6.1.4 ISO 27001:2013 A.6.1.4 Contact with special interest groups ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance ISO27001-2013 A.6.1.4 ISO27001-2013_A.6.1.4 ISO 27001:2013 A.6.1.4 Contact with special interest groups ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance ISO27001-2013 A.6.1.5 ISO27001-2013_A.6.1.5 ISO 27001:2013 A.6.1.5 Information security in project management ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance ISO27001-2013 A.6.2.1 ISO27001-2013_A.6.2.1 ISO 27001:2013 A.6.2.1 Mobile device policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.6.2.2 ISO27001-2013_A.6.2.2 ISO 27001:2013 A.6.2.2 Teleworking ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance ISO27001-2013 A.7.1.1 ISO27001-2013_A.7.1.1 ISO 27001:2013 A.7.1.1 Screening ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance ISO27001-2013 A.7.1.1 ISO27001-2013_A.7.1.1 ISO 27001:2013 A.7.1.1 Screening ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance ISO27001-2013 A.7.1.1 ISO27001-2013_A.7.1.1 ISO 27001:2013 A.7.1.1 Screening ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.1.2 ISO27001-2013_A.7.1.2 ISO 27001:2013 A.7.1.2 Terms and conditions of employment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance ISO27001-2013 A.7.2.1 ISO27001-2013_A.7.2.1 ISO 27001:2013 A.7.2.1 Management responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Information security awareness, education and training ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance ISO27001-2013 A.7.2.3 ISO27001-2013_A.7.2.3 ISO 27001:2013 A.7.2.3 Disciplinary process ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance ISO27001-2013 A.7.2.3 ISO27001-2013_A.7.2.3 ISO 27001:2013 A.7.2.3 Disciplinary process ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance ISO27001-2013 A.7.3.1 ISO27001-2013_A.7.3.1 ISO 27001:2013 A.7.3.1 Termination or change of employment responsibilities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance ISO27001-2013 A.8.1.1 ISO27001-2013_A.8.1.1 ISO 27001:2013 A.8.1.1 Inventory of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance ISO27001-2013 A.8.1.1 ISO27001-2013_A.8.1.1 ISO 27001:2013 A.8.1.1 Inventory of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance ISO27001-2013 A.8.1.2 ISO27001-2013_A.8.1.2 ISO 27001:2013 A.8.1.2 Ownership of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 A.8.1.3 ISO27001-2013_A.8.1.3 ISO 27001:2013 A.8.1.3 Acceptable use of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 A.8.1.3 ISO27001-2013_A.8.1.3 ISO 27001:2013 A.8.1.3 Acceptable use of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance ISO27001-2013 A.8.1.4 ISO27001-2013_A.8.1.4 ISO 27001:2013 A.8.1.4 Return of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance ISO27001-2013 A.8.2.1 ISO27001-2013_A.8.2.1 ISO 27001:2013 A.8.2.1 Classification of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance ISO27001-2013 A.8.2.1 ISO27001-2013_A.8.2.1 ISO 27001:2013 A.8.2.1 Classification of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center ISO27001-2013 A.8.2.1 ISO27001-2013_A.8.2.1 ISO 27001:2013 A.8.2.1 Classification of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance ISO27001-2013 A.8.2.1 ISO27001-2013_A.8.2.1 ISO 27001:2013 A.8.2.1 Classification of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance ISO27001-2013 A.8.2.1 ISO27001-2013_A.8.2.1 ISO 27001:2013 A.8.2.1 Classification of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.8.2.2 ISO27001-2013_A.8.2.2 ISO 27001:2013 A.8.2.2 Labelling of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance ISO27001-2013 A.8.2.2 ISO27001-2013_A.8.2.2 ISO 27001:2013 A.8.2.2 Labelling of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.8.2.2 ISO27001-2013_A.8.2.2 ISO 27001:2013 A.8.2.2 Labelling of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance ISO27001-2013 A.8.2.2 ISO27001-2013_A.8.2.2 ISO 27001:2013 A.8.2.2 Labelling of information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance ISO27001-2013 A.8.2.3 ISO27001-2013_A.8.2.3 ISO 27001:2013 A.8.2.3 Handling of assets ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance ISO27001-2013 A.8.3.1 ISO27001-2013_A.8.3.1 ISO 27001:2013 A.8.3.1 Management of removable media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance ISO27001-2013 A.8.3.1 ISO27001-2013_A.8.3.1 ISO 27001:2013 A.8.3.1 Management of removable media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.8.3.1 ISO27001-2013_A.8.3.1 ISO 27001:2013 A.8.3.1 Management of removable media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance ISO27001-2013 A.8.3.1 ISO27001-2013_A.8.3.1 ISO 27001:2013 A.8.3.1 Management of removable media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance ISO27001-2013 A.8.3.1 ISO27001-2013_A.8.3.1 ISO 27001:2013 A.8.3.1 Management of removable media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.8.3.1 ISO27001-2013_A.8.3.1 ISO 27001:2013 A.8.3.1 Management of removable media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.8.3.2 ISO27001-2013_A.8.3.2 ISO 27001:2013 A.8.3.2 Disposal of media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance ISO27001-2013 A.8.3.2 ISO27001-2013_A.8.3.2 ISO 27001:2013 A.8.3.2 Disposal of media ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance ISO27001-2013 A.8.3.3 ISO27001-2013_A.8.3.3 ISO 27001:2013 A.8.3.3 Physical media transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance ISO27001-2013 A.8.3.3 ISO27001-2013_A.8.3.3 ISO 27001:2013 A.8.3.3 Physical media transfer ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.1.1 ISO27001-2013_A.9.1.1 ISO 27001:2013 A.9.1.1 Access control policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 A.9.1.1 ISO27001-2013_A.9.1.1 ISO 27001:2013 A.9.1.1 Access control policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 A.9.1.1 ISO27001-2013_A.9.1.1 ISO 27001:2013 A.9.1.1 Access control policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 A.9.1.1 ISO27001-2013_A.9.1.1 ISO 27001:2013 A.9.1.1 Access control policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access to networks and network services ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 User registration and de-registration ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance ISO27001-2013 A.9.2.2 ISO27001-2013_A.9.2.2 ISO 27001:2013 A.9.2.2 User access provisioning ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.3 ISO27001-2013_A.9.2.3 ISO 27001:2013 A.9.2.3 Management of privileged access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center ISO27001-2013 A.9.2.4 ISO27001-2013_A.9.2.4 ISO 27001:2013 A.9.2.4 Management of secret authentication information of users ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance ISO27001-2013 A.9.2.5 ISO27001-2013_A.9.2.5 ISO 27001:2013 A.9.2.5 Review of user access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.2.6 ISO27001-2013_A.9.2.6 ISO 27001:2013 A.9.2.6 Removal or adjustment of access rights ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance ISO27001-2013 A.9.3.1 ISO27001-2013_A.9.3.1 ISO 27001:2013 A.9.3.1 Use of secret authentication information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance ISO27001-2013 A.9.4.1 ISO27001-2013_A.9.4.1 ISO 27001:2013 A.9.4.1 Information access restriction ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Secure log-on procedures ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance ISO27001-2013 A.9.4.3 ISO27001-2013_A.9.4.3 ISO 27001:2013 A.9.4.3 Password management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance ISO27001-2013 A.9.4.4 ISO27001-2013_A.9.4.4 ISO 27001:2013 A.9.4.4 Use of privileged utility programs ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance ISO27001-2013 A.9.4.5 ISO27001-2013_A.9.4.5 ISO 27001:2013 A.9.4.5 Access control to program source code ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.10.1.d ISO27001-2013_C.10.1.d ISO 27001:2013 C.10.1.d Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.10.1.e ISO27001-2013_C.10.1.e ISO 27001:2013 C.10.1.e Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.10.1.f ISO27001-2013_C.10.1.f ISO 27001:2013 C.10.1.f Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 C.10.1.f ISO27001-2013_C.10.1.f ISO 27001:2013 C.10.1.f Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 C.10.1.f ISO27001-2013_C.10.1.f ISO 27001:2013 C.10.1.f Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 C.10.1.g ISO27001-2013_C.10.1.g ISO 27001:2013 C.10.1.g Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.10.1.g ISO27001-2013_C.10.1.g ISO 27001:2013 C.10.1.g Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 C.10.1.g ISO27001-2013_C.10.1.g ISO 27001:2013 C.10.1.g Nonconformity and corrective action ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.4.3.a ISO27001-2013_C.4.3.a ISO 27001:2013 C.4.3.a Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance ISO27001-2013 C.4.3.a ISO27001-2013_C.4.3.a ISO 27001:2013 C.4.3.a Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.4.3.a ISO27001-2013_C.4.3.a ISO 27001:2013 C.4.3.a Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance ISO27001-2013 C.4.3.b ISO27001-2013_C.4.3.b ISO 27001:2013 C.4.3.b Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.4.3.b ISO27001-2013_C.4.3.b ISO 27001:2013 C.4.3.b Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.4.3.b ISO27001-2013_C.4.3.b ISO 27001:2013 C.4.3.b Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
464a7d7a-2358-4869-0b49-6d582ca21292 Ensure capital planning and investment requests include necessary resources Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Employ business case to record the resources required Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance ISO27001-2013 C.4.3.c ISO27001-2013_C.4.3.c ISO 27001:2013 C.4.3.c Determining the scope of the information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.4.4 ISO27001-2013_C.4.4 ISO 27001:2013 C.4.4 Information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.4.4 ISO27001-2013_C.4.4 ISO 27001:2013 C.4.4 Information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.4.4 ISO27001-2013_C.4.4 ISO 27001:2013 C.4.4 Information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 C.4.4 ISO27001-2013_C.4.4 ISO 27001:2013 C.4.4 Information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.4.4 ISO27001-2013_C.4.4 ISO 27001:2013 C.4.4 Information security management system ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 C.5.1.a ISO27001-2013_C.5.1.a ISO 27001:2013 C.5.1.a Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.1.a ISO27001-2013_C.5.1.a ISO 27001:2013 C.5.1.a Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.a ISO27001-2013_C.5.1.a ISO 27001:2013 C.5.1.a Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.a ISO27001-2013_C.5.1.a ISO 27001:2013 C.5.1.a Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.1.a ISO27001-2013_C.5.1.a ISO 27001:2013 C.5.1.a Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.a ISO27001-2013_C.5.1.a ISO 27001:2013 C.5.1.a Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.1.b ISO27001-2013_C.5.1.b ISO 27001:2013 C.5.1.b Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
464a7d7a-2358-4869-0b49-6d582ca21292 Ensure capital planning and investment requests include necessary resources Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Employ business case to record the resources required Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.c ISO27001-2013_C.5.1.c ISO 27001:2013 C.5.1.c Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.d ISO27001-2013_C.5.1.d ISO 27001:2013 C.5.1.d Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.5.1.e ISO27001-2013_C.5.1.e ISO 27001:2013 C.5.1.e Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.e ISO27001-2013_C.5.1.e ISO 27001:2013 C.5.1.e Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39999038-9ef1-602a-158c-ce2367185230 Define performance metrics Regulatory Compliance ISO27001-2013 C.5.1.e ISO27001-2013_C.5.1.e ISO 27001:2013 C.5.1.e Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
464a7d7a-2358-4869-0b49-6d582ca21292 Ensure capital planning and investment requests include necessary resources Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Employ business case to record the resources required Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance ISO27001-2013 C.5.1.f ISO27001-2013_C.5.1.f ISO 27001:2013 C.5.1.f Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39999038-9ef1-602a-158c-ce2367185230 Define performance metrics Regulatory Compliance ISO27001-2013 C.5.1.g ISO27001-2013_C.5.1.g ISO 27001:2013 C.5.1.g Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.5.1.g ISO27001-2013_C.5.1.g ISO 27001:2013 C.5.1.g Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.g ISO27001-2013_C.5.1.g ISO 27001:2013 C.5.1.g Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance ISO27001-2013 C.5.1.h ISO27001-2013_C.5.1.h ISO 27001:2013 C.5.1.h Leadership and commitment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.2.a ISO27001-2013_C.5.2.a ISO 27001:2013 C.5.2.a Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.a ISO27001-2013_C.5.2.a ISO 27001:2013 C.5.2.a Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.a ISO27001-2013_C.5.2.a ISO 27001:2013 C.5.2.a Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.a ISO27001-2013_C.5.2.a ISO 27001:2013 C.5.2.a Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.b ISO27001-2013_C.5.2.b ISO 27001:2013 C.5.2.b Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.2.b ISO27001-2013_C.5.2.b ISO 27001:2013 C.5.2.b Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.b ISO27001-2013_C.5.2.b ISO 27001:2013 C.5.2.b Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.b ISO27001-2013_C.5.2.b ISO 27001:2013 C.5.2.b Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.c ISO27001-2013_C.5.2.c ISO 27001:2013 C.5.2.c Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.d ISO27001-2013_C.5.2.d ISO 27001:2013 C.5.2.d Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.e ISO27001-2013_C.5.2.e ISO 27001:2013 C.5.2.e Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.e ISO27001-2013_C.5.2.e ISO 27001:2013 C.5.2.e Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.2.e ISO27001-2013_C.5.2.e ISO 27001:2013 C.5.2.e Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.e ISO27001-2013_C.5.2.e ISO 27001:2013 C.5.2.e Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.f ISO27001-2013_C.5.2.f ISO 27001:2013 C.5.2.f Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance ISO27001-2013 C.5.2.f ISO27001-2013_C.5.2.f ISO 27001:2013 C.5.2.f Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance ISO27001-2013 C.5.2.f ISO27001-2013_C.5.2.f ISO 27001:2013 C.5.2.f Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.f ISO27001-2013_C.5.2.f ISO 27001:2013 C.5.2.f Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance ISO27001-2013 C.5.2.g ISO27001-2013_C.5.2.g ISO 27001:2013 C.5.2.g Policy ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.5.3.b ISO27001-2013_C.5.3.b ISO 27001:2013 C.5.3.b Organizational roles, responsibilities and authorities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39999038-9ef1-602a-158c-ce2367185230 Define performance metrics Regulatory Compliance ISO27001-2013 C.5.3.b ISO27001-2013_C.5.3.b ISO 27001:2013 C.5.3.b Organizational roles, responsibilities and authorities ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.a ISO27001-2013_C.6.1.1.a ISO 27001:2013 C.6.1.1.a General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.1.a ISO27001-2013_C.6.1.1.a ISO 27001:2013 C.6.1.1.a General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.a ISO27001-2013_C.6.1.1.a ISO 27001:2013 C.6.1.1.a General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.b ISO27001-2013_C.6.1.1.b ISO 27001:2013 C.6.1.1.b General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.1.b ISO27001-2013_C.6.1.1.b ISO 27001:2013 C.6.1.1.b General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.b ISO27001-2013_C.6.1.1.b ISO 27001:2013 C.6.1.1.b General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.1.c ISO27001-2013_C.6.1.1.c ISO 27001:2013 C.6.1.1.c General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.c ISO27001-2013_C.6.1.1.c ISO 27001:2013 C.6.1.1.c General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.c ISO27001-2013_C.6.1.1.c ISO 27001:2013 C.6.1.1.c General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.d ISO27001-2013_C.6.1.1.d ISO 27001:2013 C.6.1.1.d General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.d ISO27001-2013_C.6.1.1.d ISO 27001:2013 C.6.1.1.d General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.1.d ISO27001-2013_C.6.1.1.d ISO 27001:2013 C.6.1.1.d General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.e.1 ISO27001-2013_C.6.1.1.e.1 ISO 27001:2013 C.6.1.1.e.1 General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.1.e.1 ISO27001-2013_C.6.1.1.e.1 ISO 27001:2013 C.6.1.1.e.1 General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.e.1 ISO27001-2013_C.6.1.1.e.1 ISO 27001:2013 C.6.1.1.e.1 General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.e.2 ISO27001-2013_C.6.1.1.e.2 ISO 27001:2013 C.6.1.1.e.2 General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.6.1.1.e.2 ISO27001-2013_C.6.1.1.e.2 ISO 27001:2013 C.6.1.1.e.2 General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.1.e.2 ISO27001-2013_C.6.1.1.e.2 ISO 27001:2013 C.6.1.1.e.2 General ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.a.1 ISO27001-2013_C.6.1.2.a.1 ISO 27001:2013 C.6.1.2.a.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.a.1 ISO27001-2013_C.6.1.2.a.1 ISO 27001:2013 C.6.1.2.a.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.a.2 ISO27001-2013_C.6.1.2.a.2 ISO 27001:2013 C.6.1.2.a.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.a.2 ISO27001-2013_C.6.1.2.a.2 ISO 27001:2013 C.6.1.2.a.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.b ISO27001-2013_C.6.1.2.b ISO 27001:2013 C.6.1.2.b Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.c.1 ISO27001-2013_C.6.1.2.c.1 ISO 27001:2013 C.6.1.2.c.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.c.1 ISO27001-2013_C.6.1.2.c.1 ISO 27001:2013 C.6.1.2.c.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.c.2 ISO27001-2013_C.6.1.2.c.2 ISO 27001:2013 C.6.1.2.c.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.c.2 ISO27001-2013_C.6.1.2.c.2 ISO 27001:2013 C.6.1.2.c.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.d.1 ISO27001-2013_C.6.1.2.d.1 ISO 27001:2013 C.6.1.2.d.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.d.1 ISO27001-2013_C.6.1.2.d.1 ISO 27001:2013 C.6.1.2.d.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.d.2 ISO27001-2013_C.6.1.2.d.2 ISO 27001:2013 C.6.1.2.d.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.d.2 ISO27001-2013_C.6.1.2.d.2 ISO 27001:2013 C.6.1.2.d.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.d.3 ISO27001-2013_C.6.1.2.d.3 ISO 27001:2013 C.6.1.2.d.3 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.d.3 ISO27001-2013_C.6.1.2.d.3 ISO 27001:2013 C.6.1.2.d.3 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.e.1 ISO27001-2013_C.6.1.2.e.1 ISO 27001:2013 C.6.1.2.e.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.e.1 ISO27001-2013_C.6.1.2.e.1 ISO 27001:2013 C.6.1.2.e.1 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.6.1.2.e.2 ISO27001-2013_C.6.1.2.e.2 ISO 27001:2013 C.6.1.2.e.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance ISO27001-2013 C.6.1.2.e.2 ISO27001-2013_C.6.1.2.e.2 ISO 27001:2013 C.6.1.2.e.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.3.a ISO27001-2013_C.6.1.3.a ISO 27001:2013 C.6.1.3.a Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.3.b ISO27001-2013_C.6.1.3.b ISO 27001:2013 C.6.1.3.b Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.3.c ISO27001-2013_C.6.1.3.c ISO 27001:2013 C.6.1.3.c Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance ISO27001-2013 C.6.1.3.d ISO27001-2013_C.6.1.3.d ISO 27001:2013 C.6.1.3.d Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.3.e ISO27001-2013_C.6.1.3.e ISO 27001:2013 C.6.1.3.e Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.6.1.3.f ISO27001-2013_C.6.1.3.f ISO 27001:2013 C.6.1.3.f Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.6.2.e ISO27001-2013_C.6.2.e ISO 27001:2013 C.6.2.e Information security objectives and planning to achieve them ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.6.2.e ISO27001-2013_C.6.2.e ISO 27001:2013 C.6.2.e Information security objectives and planning to achieve them ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
464a7d7a-2358-4869-0b49-6d582ca21292 Ensure capital planning and investment requests include necessary resources Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2d14ff7e-6ff9-838c-0cde-4962ccdb1689 Employ business case to record the resources required Regulatory Compliance ISO27001-2013 C.7.1 ISO27001-2013_C.7.1 ISO 27001:2013 C.7.1 Resources ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 C.7.2.a ISO27001-2013_C.7.2.a ISO 27001:2013 C.7.2.a Competence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance ISO27001-2013 C.7.2.a ISO27001-2013_C.7.2.a ISO 27001:2013 C.7.2.a Competence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance ISO27001-2013 C.7.2.a ISO27001-2013_C.7.2.a ISO 27001:2013 C.7.2.a Competence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance ISO27001-2013 C.7.2.b ISO27001-2013_C.7.2.b ISO 27001:2013 C.7.2.b Competence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance ISO27001-2013 C.7.2.c ISO27001-2013_C.7.2.c ISO 27001:2013 C.7.2.c Competence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance ISO27001-2013 C.7.2.d ISO27001-2013_C.7.2.d ISO 27001:2013 C.7.2.d Competence ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 C.7.3.a ISO27001-2013_C.7.3.a ISO 27001:2013 C.7.3.a Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 C.7.3.a ISO27001-2013_C.7.3.a ISO 27001:2013 C.7.3.a Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 C.7.3.a ISO27001-2013_C.7.3.a ISO 27001:2013 C.7.3.a Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 C.7.3.b ISO27001-2013_C.7.3.b ISO 27001:2013 C.7.3.b Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 C.7.3.b ISO27001-2013_C.7.3.b ISO 27001:2013 C.7.3.b Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 C.7.3.b ISO27001-2013_C.7.3.b ISO 27001:2013 C.7.3.b Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance ISO27001-2013 C.7.3.c ISO27001-2013_C.7.3.c ISO 27001:2013 C.7.3.c Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance ISO27001-2013 C.7.3.c ISO27001-2013_C.7.3.c ISO 27001:2013 C.7.3.c Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance ISO27001-2013 C.7.3.c ISO27001-2013_C.7.3.c ISO 27001:2013 C.7.3.c Awareness ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.4.a ISO27001-2013_C.7.4.a ISO 27001:2013 C.7.4.a Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.4.a ISO27001-2013_C.7.4.a ISO 27001:2013 C.7.4.a Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance ISO27001-2013 C.7.4.a ISO27001-2013_C.7.4.a ISO 27001:2013 C.7.4.a Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.4.a ISO27001-2013_C.7.4.a ISO 27001:2013 C.7.4.a Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance ISO27001-2013 C.7.4.b ISO27001-2013_C.7.4.b ISO 27001:2013 C.7.4.b Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.4.b ISO27001-2013_C.7.4.b ISO 27001:2013 C.7.4.b Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.4.b ISO27001-2013_C.7.4.b ISO 27001:2013 C.7.4.b Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.4.b ISO27001-2013_C.7.4.b ISO 27001:2013 C.7.4.b Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.4.c ISO27001-2013_C.7.4.c ISO 27001:2013 C.7.4.c Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance ISO27001-2013 C.7.4.c ISO27001-2013_C.7.4.c ISO 27001:2013 C.7.4.c Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.4.c ISO27001-2013_C.7.4.c ISO 27001:2013 C.7.4.c Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.4.c ISO27001-2013_C.7.4.c ISO 27001:2013 C.7.4.c Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.4.d ISO27001-2013_C.7.4.d ISO 27001:2013 C.7.4.d Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance ISO27001-2013 C.7.4.d ISO27001-2013_C.7.4.d ISO 27001:2013 C.7.4.d Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.4.d ISO27001-2013_C.7.4.d ISO 27001:2013 C.7.4.d Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.4.d ISO27001-2013_C.7.4.d ISO 27001:2013 C.7.4.d Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.4.e ISO27001-2013_C.7.4.e ISO 27001:2013 C.7.4.e Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.4.e ISO27001-2013_C.7.4.e ISO 27001:2013 C.7.4.e Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance ISO27001-2013 C.7.4.e ISO27001-2013_C.7.4.e ISO 27001:2013 C.7.4.e Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.4.e ISO27001-2013_C.7.4.e ISO 27001:2013 C.7.4.e Communication ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance ISO27001-2013 C.7.5.2.c ISO27001-2013_C.7.5.2.c ISO 27001:2013 C.7.5.2.c Creating and updating ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 C.7.5.3.a ISO27001-2013_C.7.5.3.a ISO 27001:2013 C.7.5.3.a Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.5.3.b ISO27001-2013_C.7.5.3.b ISO 27001:2013 C.7.5.3.b Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.5.3.b ISO27001-2013_C.7.5.3.b ISO 27001:2013 C.7.5.3.b Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.5.3.b ISO27001-2013_C.7.5.3.b ISO 27001:2013 C.7.5.3.b Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 C.7.5.3.c ISO27001-2013_C.7.5.3.c ISO 27001:2013 C.7.5.3.c Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.5.3.d ISO27001-2013_C.7.5.3.d ISO 27001:2013 C.7.5.3.d Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.5.3.d ISO27001-2013_C.7.5.3.d ISO 27001:2013 C.7.5.3.d Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.5.3.d ISO27001-2013_C.7.5.3.d ISO 27001:2013 C.7.5.3.d Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.5.3.e ISO27001-2013_C.7.5.3.e ISO 27001:2013 C.7.5.3.e Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.5.3.e ISO27001-2013_C.7.5.3.e ISO 27001:2013 C.7.5.3.e Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.5.3.e ISO27001-2013_C.7.5.3.e ISO 27001:2013 C.7.5.3.e Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 C.7.5.3.f ISO27001-2013_C.7.5.3.f ISO 27001:2013 C.7.5.3.f Control of documented information ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance ISO27001-2013 C.8.1 ISO27001-2013_C.8.1 ISO 27001:2013 C.8.1 Operational planning and control ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance ISO27001-2013 C.8.2 ISO27001-2013_C.8.2 ISO 27001:2013 C.8.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance ISO27001-2013 C.8.2 ISO27001-2013_C.8.2 ISO 27001:2013 C.8.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance ISO27001-2013 C.8.2 ISO27001-2013_C.8.2 ISO 27001:2013 C.8.2 Information security risk assessment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.8.3 ISO27001-2013_C.8.3 ISO 27001:2013 C.8.3 Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance ISO27001-2013 C.8.3 ISO27001-2013_C.8.3 ISO 27001:2013 C.8.3 Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance ISO27001-2013 C.8.3 ISO27001-2013_C.8.3 ISO 27001:2013 C.8.3 Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.8.3 ISO27001-2013_C.8.3 ISO 27001:2013 C.8.3 Information security risk treatment ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 C.9.1.a ISO27001-2013_C.9.1.a ISO 27001:2013 C.9.1.a Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 C.9.1.a ISO27001-2013_C.9.1.a ISO 27001:2013 C.9.1.a Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 C.9.1.a ISO27001-2013_C.9.1.a ISO 27001:2013 C.9.1.a Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 C.9.1.b ISO27001-2013_C.9.1.b ISO 27001:2013 C.9.1.b Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 C.9.1.b ISO27001-2013_C.9.1.b ISO 27001:2013 C.9.1.b Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 C.9.1.b ISO27001-2013_C.9.1.b ISO 27001:2013 C.9.1.b Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 C.9.1.c ISO27001-2013_C.9.1.c ISO 27001:2013 C.9.1.c Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 C.9.1.c ISO27001-2013_C.9.1.c ISO 27001:2013 C.9.1.c Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 C.9.1.c ISO27001-2013_C.9.1.c ISO 27001:2013 C.9.1.c Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 C.9.1.d ISO27001-2013_C.9.1.d ISO 27001:2013 C.9.1.d Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 C.9.1.d ISO27001-2013_C.9.1.d ISO 27001:2013 C.9.1.d Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 C.9.1.d ISO27001-2013_C.9.1.d ISO 27001:2013 C.9.1.d Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 C.9.1.e ISO27001-2013_C.9.1.e ISO 27001:2013 C.9.1.e Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 C.9.1.e ISO27001-2013_C.9.1.e ISO 27001:2013 C.9.1.e Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 C.9.1.e ISO27001-2013_C.9.1.e ISO 27001:2013 C.9.1.e Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance ISO27001-2013 C.9.1.f ISO27001-2013_C.9.1.f ISO 27001:2013 C.9.1.f Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance ISO27001-2013 C.9.1.f ISO27001-2013_C.9.1.f ISO 27001:2013 C.9.1.f Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance ISO27001-2013 C.9.1.f ISO27001-2013_C.9.1.f ISO 27001:2013 C.9.1.f Monitoring, measurement, analysis and evaluation ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 C.9.2.a.1 ISO27001-2013_C.9.2.a.1 ISO 27001:2013 C.9.2.a.1 Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 C.9.2.a.2 ISO27001-2013_C.9.2.a.2 ISO 27001:2013 C.9.2.a.2 Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 C.9.2.b ISO27001-2013_C.9.2.b ISO 27001:2013 C.9.2.b Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.2.c ISO27001-2013_C.9.2.c ISO 27001:2013 C.9.2.c Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 C.9.2.c ISO27001-2013_C.9.2.c ISO 27001:2013 C.9.2.c Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance ISO27001-2013 C.9.2.d ISO27001-2013_C.9.2.d ISO 27001:2013 C.9.2.d Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance ISO27001-2013 C.9.2.e ISO27001-2013_C.9.2.e ISO 27001:2013 C.9.2.e Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance ISO27001-2013 C.9.2.e ISO27001-2013_C.9.2.e ISO 27001:2013 C.9.2.e Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance ISO27001-2013 C.9.2.e ISO27001-2013_C.9.2.e ISO 27001:2013 C.9.2.e Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance ISO27001-2013 C.9.2.e ISO27001-2013_C.9.2.e ISO 27001:2013 C.9.2.e Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
de251b09-4a5e-1204-4bef-62ac58d47999 Adjust level of audit review, analysis, and reporting Regulatory Compliance ISO27001-2013 C.9.2.e ISO27001-2013_C.9.2.e ISO 27001:2013 C.9.2.e Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance ISO27001-2013 C.9.2.f ISO27001-2013_C.9.2.f ISO 27001:2013 C.9.2.f Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance ISO27001-2013 C.9.2.g ISO27001-2013_C.9.2.g ISO 27001:2013 C.9.2.g Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance ISO27001-2013 C.9.2.g ISO27001-2013_C.9.2.g ISO 27001:2013 C.9.2.g Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance ISO27001-2013 C.9.2.g ISO27001-2013_C.9.2.g ISO 27001:2013 C.9.2.g Internal audit ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.9.3.a ISO27001-2013_C.9.3.a ISO 27001:2013 C.9.3.a Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.a ISO27001-2013_C.9.3.a ISO 27001:2013 C.9.3.a Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
d93fe1be-13e4-421d-9c21-3158e2fa2667 Implement plans of action and milestones for security program process Regulatory Compliance ISO27001-2013 C.9.3.a ISO27001-2013_C.9.3.a ISO 27001:2013 C.9.3.a Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.a ISO27001-2013_C.9.3.a ISO 27001:2013 C.9.3.a Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.a ISO27001-2013_C.9.3.a ISO 27001:2013 C.9.3.a Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.9.3.b ISO27001-2013_C.9.3.b ISO 27001:2013 C.9.3.b Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.b ISO27001-2013_C.9.3.b ISO 27001:2013 C.9.3.b Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.b ISO27001-2013_C.9.3.b ISO 27001:2013 C.9.3.b Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.b ISO27001-2013_C.9.3.b ISO 27001:2013 C.9.3.b Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39999038-9ef1-602a-158c-ce2367185230 Define performance metrics Regulatory Compliance ISO27001-2013 C.9.3.c.1 ISO27001-2013_C.9.3.c.1 ISO 27001:2013 C.9.3.c.1 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.9.3.c.1 ISO27001-2013_C.9.3.c.1 ISO 27001:2013 C.9.3.c.1 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.c.1 ISO27001-2013_C.9.3.c.1 ISO 27001:2013 C.9.3.c.1 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.c.1 ISO27001-2013_C.9.3.c.1 ISO 27001:2013 C.9.3.c.1 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance ISO27001-2013 C.9.3.c.1 ISO27001-2013_C.9.3.c.1 ISO 27001:2013 C.9.3.c.1 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.c.1 ISO27001-2013_C.9.3.c.1 ISO 27001:2013 C.9.3.c.1 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance ISO27001-2013 C.9.3.c.2 ISO27001-2013_C.9.3.c.2 ISO 27001:2013 C.9.3.c.2 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.c.2 ISO27001-2013_C.9.3.c.2 ISO 27001:2013 C.9.3.c.2 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.c.2 ISO27001-2013_C.9.3.c.2 ISO 27001:2013 C.9.3.c.2 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.c.2 ISO27001-2013_C.9.3.c.2 ISO 27001:2013 C.9.3.c.2 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.c.3 ISO27001-2013_C.9.3.c.3 ISO 27001:2013 C.9.3.c.3 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.c.3 ISO27001-2013_C.9.3.c.3 ISO 27001:2013 C.9.3.c.3 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.c.3 ISO27001-2013_C.9.3.c.3 ISO 27001:2013 C.9.3.c.3 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39999038-9ef1-602a-158c-ce2367185230 Define performance metrics Regulatory Compliance ISO27001-2013 C.9.3.c.3 ISO27001-2013_C.9.3.c.3 ISO 27001:2013 C.9.3.c.3 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
39999038-9ef1-602a-158c-ce2367185230 Define performance metrics Regulatory Compliance ISO27001-2013 C.9.3.c.4 ISO27001-2013_C.9.3.c.4 ISO 27001:2013 C.9.3.c.4 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.c.4 ISO27001-2013_C.9.3.c.4 ISO 27001:2013 C.9.3.c.4 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.c.4 ISO27001-2013_C.9.3.c.4 ISO 27001:2013 C.9.3.c.4 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.c.4 ISO27001-2013_C.9.3.c.4 ISO 27001:2013 C.9.3.c.4 Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.d ISO27001-2013_C.9.3.d ISO 27001:2013 C.9.3.d Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.d ISO27001-2013_C.9.3.d ISO 27001:2013 C.9.3.d Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.d ISO27001-2013_C.9.3.d ISO 27001:2013 C.9.3.d Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.e ISO27001-2013_C.9.3.e ISO 27001:2013 C.9.3.e Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.e ISO27001-2013_C.9.3.e ISO 27001:2013 C.9.3.e Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.e ISO27001-2013_C.9.3.e ISO 27001:2013 C.9.3.e Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance ISO27001-2013 C.9.3.f ISO27001-2013_C.9.3.f ISO 27001:2013 C.9.3.f Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance ISO27001-2013 C.9.3.f ISO27001-2013_C.9.3.f ISO 27001:2013 C.9.3.f Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance ISO27001-2013 C.9.3.f ISO27001-2013_C.9.3.f ISO 27001:2013 C.9.3.f Management review ISO 27001:2013 (89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
b2982f36-99f2-4db5-8eff-283140c09693 Storage accounts should disable public network access Storage mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ac673a9a-f77d-4846-b2d8-a57f8e1c01dc Configure key vaults to enable firewall Key Vault mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4598f028-de1f-4694-8751-84dceb5f86b9 Azure Web Application Firewall on Azure Front Door should have request body inspection enabled Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43bc7be6-5e69-4b0d-a2bb-e815557ca673 Public network access on Azure Data Explorer should be disabled Azure Data Explorer mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ca85ef9a-741d-461d-8b7a-18c2da82c666 Azure Web Application Firewall on Azure Application Gateway should have request body inspection enabled Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
62a3ae95-8169-403e-a2d2-b82141448092 Modify Azure SignalR Service resources to disable public network access SignalR mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5e7e928c-8693-4a23-9bf3-1c77b9a8fe97 Azure Attestation providers should disable public network access Attestation mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
882e19a6-996f-400e-a30f-c090887254f4 Migrate WAF from WAF Config to WAF Policy on Application Gateway Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd870362-211d-4cad-9ad9-11e5ea4ebbc1 Public network access should be disabled for IoT Central Internet of Things mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dfbd9a64-6114-48de-a47d-90574dc2e489 MariaDB server should use a virtual network service endpoint SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e52e8487-4a97-48ac-b3e6-1c3cef45d298 Enable Rate Limit rule to protect against DDoS attacks on Azure Front Door WAF Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c14b034-bcb6-4905-94e7-5b8e98a47b65 PostgreSQL server should use a virtual network service endpoint SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a06d0189-92e8-4dba-b0c4-08d7669fce7d Configure storage accounts to disable public network access Storage mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
21a9766a-82a5-4747-abb5-650b6dbba6d0 Azure SignalR Service should disable public network access SignalR mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3375856c-3824-4e0e-ae6a-79e011dd4c47 MySQL server should use a virtual network service endpoint SQL mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network mp.com.1 Secure perimeter mp.com.1 Secure perimeter 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.com.2 Protection of confidentiality mp.com.2 Protection of confidentiality 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage mp.com.3 Protection of integrity and authenticity mp.com.3 Protection of integrity and authenticity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.com.4 Separation of information flows on the network mp.com.4 Separation of information flows on the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.eq.1 Clear desk mp.eq.1 Clear desk 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance mp.eq.2 User session lockout mp.eq.2 User session lockout 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance mp.if.2 Identification of persons mp.if.2 Identification of persons 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.4 Electrical energy mp.if.4 Electrical energy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.if.5 Fire protection mp.if.5 Fire protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.if.6 Flood protection mp.if.6 Flood protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.if.7 Recording of entries and exits of equipment mp.if.7 Recording of entries and exits of equipment 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance mp.info.1 Personal data mp.info.1 Personal data 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.info.2 Rating of information mp.info.2 Rating of information 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance mp.info.3 Electronic signature mp.info.3 Electronic signature 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.info.4 Time stamps mp.info.4 Time stamps 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.info.5 Clean-up of documents mp.info.5 Clean-up of documents 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance mp.info.5 Clean-up of documents mp.info.5 Clean-up of documents 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.info.5 Clean-up of documents mp.info.5 Clean-up of documents 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.info.5 Clean-up of documents mp.info.5 Clean-up of documents 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
09ce66bc-1220-4153-8104-e3f51c936913 Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location Backup mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83644c87-93dd-49fe-bf9f-6aff8fd0834e Configure backup on virtual machines with a given tag to a new recovery services vault with a default policy Backup mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
615b01c4-d565-4f6f-8c6e-d130268e3a1a [Preview]: Configure backup for blobs on storage accounts with a given tag to an existing backup vault in the same region Backup mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
958dbd4e-0e20-4385-a082-d3f20c2a6ad8 [Preview]: Configure blob backup for all storage accounts that do not contain a given tag to a backup vault in the same region Backup mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance mp.info.6 Backups mp.info.6 Backups 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance mp.per.1 Job characterization mp.per.1 Job characterization 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance mp.per.2 Duties and obligations mp.per.2 Duties and obligations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.per.3 Awareness mp.per.3 Awareness 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.per.4 Training mp.per.4 Training 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0da6faeb-d6c6-4f6e-9f49-06277493270b Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Log Analytics Monitoring mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e52e8487-4a97-48ac-b3e6-1c3cef45d298 Enable Rate Limit rule to protect against DDoS attacks on Azure Front Door WAF Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ca85ef9a-741d-461d-8b7a-18c2da82c666 Azure Web Application Firewall on Azure Application Gateway should have request body inspection enabled Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4598f028-de1f-4694-8751-84dceb5f86b9 Azure Web Application Firewall on Azure Front Door should have request body inspection enabled Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cdcb825f-a0fb-31f9-29c1-ab566718499a Publish Computer Matching Agreements on public website Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c3e4fa5d-c0c4-46c4-9a13-bb9b9f0b003f Microsoft Managed Control 1865 - System of Records Notices And Privacy Act Statements | Public Website Publication Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66632c7c-d0b3-4945-a8ae-e5c62cbea386 Microsoft Managed Control 1829 - Data Integrity And Data Integrity Board | Publish Agreements on Website Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee8a7be2-e9b5-47b9-9d37-d9b141ea78a4 Azure Web PubSub Service should enable diagnostic logs Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d Configure Azure Defender for App Service to be enabled Security Center mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0b026355-49cb-467b-8ac4-f777874e175a Configure Azure Web PubSub Service to use private DNS zones Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b9c0b58-fc7b-42c8-8010-cdfa1d1b8544 Configure Azure Web PubSub Service with private endpoints Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fa98f1b1-1f56-4179-9faf-93ad82f3458f Function app slots should use latest 'HTTP Version' App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d19ae5f1-b303-4b82-9ca8-7682749faf0c Configure a private DNS Zone ID for web_secondary groupID Storage mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd906338-3453-47ba-9334-2d654bf845af Azure Front Door Standard or Premium (Plus WAF) should have resource logs enabled Monitoring mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bf6af3d2-fbd5-458f-8a40-2556cf539b45 Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Storage Monitoring mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f9d984-90c8-43dd-b7a6-76cb694815c1 Configure Azure Web PubSub Service to disable local authentication Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b66ab71c-582d-4330-adfd-ac162e78691e Azure Web PubSub Service should have local authentication methods disabled Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9adab2a5-05ba-4fbd-831a-5bf958d04218 Configure a private DNS Zone ID for web groupID Storage mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bf45113f-264e-4a87-88f9-29ac8a0aca6a Azure Web PubSub Service should disable public network access Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d034ef2-001c-46f6-a47b-e6e4a74ff89b Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Event Hub Monitoring mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4dcfb8b5-05cd-4090-a931-2ec29057e1fc App Service app slots should use latest 'HTTP Version' App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b1213e4-06e4-4ccc-81de-4201f2f7131a Configure Azure Web PubSub Service to disable public network access Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
24b7a1c6-44fe-40cc-a2e6-242d2ef70e98 App Service app slots should be injected into a virtual network App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82909236-25f3-46a6-841c-fe1020f95ae1 Azure Web PubSub Service should use a SKU that supports private link Web PubSub mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a04f872-51e9-4313-97fb-fc1c3543011c Azure Application Gateway should have Resource logs enabled Monitoring mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a04f872-51e9-4313-97fb-fc1c35430fd8 Azure Front Door should have Resource logs enabled Monitoring mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
72d04c29-f87d-4575-9731-419ff16a2757 App Service apps should be injected into a virtual network App Service mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e52e8487-4a97-48ac-b3e6-1c3cef45d298 Enable Rate Limit rule to protect against DDoS attacks on Azure Front Door WAF Network mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
752154a7-1e0f-45c6-a880-ac75a7e4f648 Public IP addresses should have resource logs enabled for Azure DDoS Protection Monitoring mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d Virtual networks should be protected by Azure DDoS Protection Network mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b7306e73-0494-83a2-31f5-280e934a8f70 Develop and document a DDoS response plan Regulatory Compliance mp.s.4 Protection against denial of service mp.s.4 Protection against denial of service 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance mp.si.1 Marking mp.si.1 Marking 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance mp.si.2 Cryptography mp.si.2 Cryptography 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance mp.si.3 Custody mp.si.3 Custody 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance mp.si.4 Transport mp.si.4 Transport 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance mp.si.5 Erasure and destruction mp.si.5 Erasure and destruction 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf79f602-1e60-5423-6c0c-e632c2ea1fc0 Implement controls to protect PII Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
834b7a4a-83ab-2188-1a26-9c5033d8173b Incorporate security and data privacy practices in research processing Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance mp.sw.1 IT Aplications development mp.sw.1 IT Aplications development 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
834b7a4a-83ab-2188-1a26-9c5033d8173b Incorporate security and data privacy practices in research processing Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf79f602-1e60-5423-6c0c-e632c2ea1fc0 Implement controls to protect PII Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance mp.sw.2 Acceptance and commissioning mp.sw.2 Acceptance and commissioning 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .1.1 NIST_SP_800-171_R2_3.1.1 NIST SP 800-171 R2 3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance NIST_SP_800-171_R2_3 .1.11 NIST_SP_800-171_R2_3.1.11 NIST SP 800-171 R2 3.1.11 Terminate (automatically) a user session after a defined condition. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .1.12 NIST_SP_800-171_R2_3.1.12 NIST SP 800-171 R2 3.1.12 Monitor and control remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-171_R2_3 .1.13 NIST_SP_800-171_R2_3.1.13 NIST SP 800-171 R2 3.1.13 Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .1.14 NIST_SP_800-171_R2_3.1.14 NIST SP 800-171 R2 3.1.14 Route remote access via managed access control points. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance NIST_SP_800-171_R2_3 .1.15 NIST_SP_800-171_R2_3.1.15 NIST SP 800-171 R2 3.1.15 Authorize remote execution of privileged commands and remote access to security-relevant information. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-171_R2_3 .1.15 NIST_SP_800-171_R2_3.1.15 NIST SP 800-171 R2 3.1.15 Authorize remote execution of privileged commands and remote access to security-relevant information. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands Regulatory Compliance NIST_SP_800-171_R2_3 .1.15 NIST_SP_800-171_R2_3.1.15 NIST SP 800-171 R2 3.1.15 Authorize remote execution of privileged commands and remote access to security-relevant information. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-171_R2_3 .1.15 NIST_SP_800-171_R2_3.1.15 NIST SP 800-171 R2 3.1.15 Authorize remote execution of privileged commands and remote access to security-relevant information. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance NIST_SP_800-171_R2_3 .1.15 NIST_SP_800-171_R2_3.1.15 NIST SP 800-171 R2 3.1.15 Authorize remote execution of privileged commands and remote access to security-relevant information. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance NIST_SP_800-171_R2_3 .1.16 NIST_SP_800-171_R2_3.1.16 NIST SP 800-171 R2 3.1.16 Authorize wireless access prior to allowing such connections NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance NIST_SP_800-171_R2_3 .1.16 NIST_SP_800-171_R2_3.1.16 NIST SP 800-171 R2 3.1.16 Authorize wireless access prior to allowing such connections NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance NIST_SP_800-171_R2_3 .1.17 NIST_SP_800-171_R2_3.1.17 NIST SP 800-171 R2 3.1.17 Protect wireless access using authentication and encryption NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance NIST_SP_800-171_R2_3 .1.17 NIST_SP_800-171_R2_3.1.17 NIST SP 800-171 R2 3.1.17 Protect wireless access using authentication and encryption NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance NIST_SP_800-171_R2_3 .1.17 NIST_SP_800-171_R2_3.1.17 NIST SP 800-171 R2 3.1.17 Protect wireless access using authentication and encryption NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance NIST_SP_800-171_R2_3 .1.18 NIST_SP_800-171_R2_3.1.18 NIST SP 800-171 R2 3.1.18 Control connection of mobile devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-171_R2_3 .1.19 NIST_SP_800-171_R2_3.1.19 NIST SP 800-171 R2 3.1.19 Encrypt CUI on mobile devices and mobile computing platforms NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance NIST_SP_800-171_R2_3 .1.19 NIST_SP_800-171_R2_3.1.19 NIST SP 800-171 R2 3.1.19 Encrypt CUI on mobile devices and mobile computing platforms NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fd81a1b3-2d7a-107c-507e-29b87d040c19 Enforce appropriate usage of all accounts Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R2_3 .1.2 NIST_SP_800-171_R2_3.1.2 NIST SP 800-171 R2 3.1.2 Limit system access to the types of transactions and functions that authorized users are permitted to execute. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance NIST_SP_800-171_R2_3 .1.20 NIST_SP_800-171_R2_3.1.20 NIST SP 800-171 R2 3.1.20 Verify and control/limit connections to and use of external systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance NIST_SP_800-171_R2_3 .1.20 NIST_SP_800-171_R2_3.1.20 NIST SP 800-171 R2 3.1.20 Verify and control/limit connections to and use of external systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .1.21 NIST_SP_800-171_R2_3.1.21 NIST SP 800-171 R2 3.1.21 Limit use of portable storage devices on external systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-171_R2_3 .1.21 NIST_SP_800-171_R2_3.1.21 NIST SP 800-171 R2 3.1.21 Limit use of portable storage devices on external systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-171_R2_3 .1.21 NIST_SP_800-171_R2_3.1.21 NIST SP 800-171 R2 3.1.21 Limit use of portable storage devices on external systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information Regulatory Compliance NIST_SP_800-171_R2_3 .1.22 NIST_SP_800-171_R2_3.1.22 NIST SP 800-171 R2 3.1.22 Control CUI posted or processed on publicly accessible systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance NIST_SP_800-171_R2_3 .1.22 NIST_SP_800-171_R2_3.1.22 NIST SP 800-171 R2 3.1.22 Control CUI posted or processed on publicly accessible systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance NIST_SP_800-171_R2_3 .1.22 NIST_SP_800-171_R2_3.1.22 NIST SP 800-171 R2 3.1.22 Control CUI posted or processed on publicly accessible systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information Regulatory Compliance NIST_SP_800-171_R2_3 .1.22 NIST_SP_800-171_R2_3.1.22 NIST SP 800-171 R2 3.1.22 Control CUI posted or processed on publicly accessible systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-171_R2_3 .1.3 NIST_SP_800-171_R2_3.1.3 NIST SP 800-171 R2 3.1.3 Control the flow of CUI in accordance with approved authorizations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center NIST_SP_800-171_R2_3 .1.4 NIST_SP_800-171_R2_3.1.4 NIST SP 800-171 R2 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance NIST_SP_800-171_R2_3 .1.4 NIST_SP_800-171_R2_3.1.4 NIST SP 800-171 R2 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance NIST_SP_800-171_R2_3 .1.4 NIST_SP_800-171_R2_3.1.4 NIST SP 800-171 R2 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance NIST_SP_800-171_R2_3 .1.4 NIST_SP_800-171_R2_3.1.4 NIST SP 800-171 R2 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NIST_SP_800-171_R2_3 .1.4 NIST_SP_800-171_R2_3.1.4 NIST SP 800-171 R2 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NIST_SP_800-171_R2_3 .1.4 NIST_SP_800-171_R2_3.1.4 NIST SP 800-171 R2 3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-171_R2_3 .1.5 NIST_SP_800-171_R2_3.1.5 NIST SP 800-171 R2 3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance NIST_SP_800-171_R2_3 .1.7 NIST_SP_800-171_R2_3.1.7 NIST SP 800-171 R2 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance NIST_SP_800-171_R2_3 .1.7 NIST_SP_800-171_R2_3.1.7 NIST SP 800-171 R2 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance NIST_SP_800-171_R2_3 .1.7 NIST_SP_800-171_R2_3.1.7 NIST SP 800-171 R2 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-171_R2_3 .1.7 NIST_SP_800-171_R2_3.1.7 NIST SP 800-171 R2 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-171_R2_3 .1.7 NIST_SP_800-171_R2_3.1.7 NIST SP 800-171 R2 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-171_R2_3 .1.7 NIST_SP_800-171_R2_3.1.7 NIST SP 800-171 R2 3.1.7 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance NIST_SP_800-171_R2_3 .1.8 NIST_SP_800-171_R2_3.1.8 NIST SP 800-171 R2 3.1.8 Limit unsuccessful logon attempts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-171_R2_3 .10.1 NIST_SP_800-171_R2_3.10.1 NIST SP 800-171 R2 3.10.1 Limit physical access to organizational systems, equipment, and the respective operating environments to authorized individuals. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance NIST_SP_800-171_R2_3 .10.2 NIST_SP_800-171_R2_3.10.2 NIST SP 800-171 R2 3.10.2 Protect and monitor the physical facility and support infrastructure for organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance NIST_SP_800-171_R2_3 .10.2 NIST_SP_800-171_R2_3.10.2 NIST SP 800-171 R2 3.10.2 Protect and monitor the physical facility and support infrastructure for organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-171_R2_3 .10.3 NIST_SP_800-171_R2_3.10.3 NIST SP 800-171 R2 3.10.3 Escort visitors and monitor visitor activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-171_R2_3 .10.3 NIST_SP_800-171_R2_3.10.3 NIST SP 800-171 R2 3.10.3 Escort visitors and monitor visitor activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-171_R2_3 .10.4 NIST_SP_800-171_R2_3.10.4 NIST SP 800-171 R2 3.10.4 Maintain audit logs of physical access. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance NIST_SP_800-171_R2_3 .10.5 NIST_SP_800-171_R2_3.10.5 NIST SP 800-171 R2 3.10.5 Control and manage physical access devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-171_R2_3 .10.5 NIST_SP_800-171_R2_3.10.5 NIST SP 800-171 R2 3.10.5 Control and manage physical access devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance NIST_SP_800-171_R2_3 .10.5 NIST_SP_800-171_R2_3.10.5 NIST SP 800-171 R2 3.10.5 Control and manage physical access devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-171_R2_3 .10.5 NIST_SP_800-171_R2_3.10.5 NIST SP 800-171 R2 3.10.5 Control and manage physical access devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-171_R2_3 .10.6 NIST_SP_800-171_R2_3.10.6 NIST SP 800-171 R2 3.10.6 Enforce safeguarding measures for CUI at alternate work sites. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance NIST_SP_800-171_R2_3 .11.1 NIST_SP_800-171_R2_3.11.1 NIST SP 800-171 R2 3.11.1 Periodically assess the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-171_R2_3 .11.1 NIST_SP_800-171_R2_3.11.1 NIST SP 800-171 R2 3.11.1 Periodically assess the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .11.2 NIST_SP_800-171_R2_3.11.2 NIST SP 800-171 R2 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .11.3 NIST_SP_800-171_R2_3.11.3 NIST SP 800-171 R2 3.11.3 Remediate vulnerabilities in accordance with risk assessments. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance NIST_SP_800-171_R2_3 .12.1 NIST_SP_800-171_R2_3.12.1 NIST SP 800-171 R2 3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance NIST_SP_800-171_R2_3 .12.1 NIST_SP_800-171_R2_3.12.1 NIST SP 800-171 R2 3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance NIST_SP_800-171_R2_3 .12.1 NIST_SP_800-171_R2_3.12.1 NIST SP 800-171 R2 3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance NIST_SP_800-171_R2_3 .12.1 NIST_SP_800-171_R2_3.12.1 NIST SP 800-171 R2 3.12.1 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d93fe1be-13e4-421d-9c21-3158e2fa2667 Implement plans of action and milestones for security program process Regulatory Compliance NIST_SP_800-171_R2_3 .12.2 NIST_SP_800-171_R2_3.12.2 NIST SP 800-171 R2 3.12.2 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance NIST_SP_800-171_R2_3 .12.2 NIST_SP_800-171_R2_3.12.2 NIST SP 800-171 R2 3.12.2 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance NIST_SP_800-171_R2_3 .12.2 NIST_SP_800-171_R2_3.12.2 NIST SP 800-171 R2 3.12.2 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-171_R2_3 .12.2 NIST_SP_800-171_R2_3.12.2 NIST SP 800-171 R2 3.12.2 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance NIST_SP_800-171_R2_3 .12.3 NIST_SP_800-171_R2_3.12.3 NIST SP 800-171 R2 3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance NIST_SP_800-171_R2_3 .12.3 NIST_SP_800-171_R2_3.12.3 NIST SP 800-171 R2 3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance NIST_SP_800-171_R2_3 .12.3 NIST_SP_800-171_R2_3.12.3 NIST SP 800-171 R2 3.12.3 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance NIST_SP_800-171_R2_3 .12.4 NIST_SP_800-171_R2_3.12.4 NIST SP 800-171 R2 3.12.4 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-171_R2_3 .13.1 NIST_SP_800-171_R2_3.13.1 NIST SP 800-171 R2 3.13.1 Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 Establish and manage cryptographic keys for cryptography employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance NIST_SP_800-171_R2_3 .13.11 NIST_SP_800-171_R2_3.13.11 NIST SP 800-171 R2 3.13.11 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance NIST_SP_800-171_R2_3 .13.12 NIST_SP_800-171_R2_3.13.12 NIST SP 800-171 R2 3.13.12 Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance NIST_SP_800-171_R2_3 .13.12 NIST_SP_800-171_R2_3.13.12 NIST SP 800-171 R2 3.13.12 Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance NIST_SP_800-171_R2_3 .13.13 NIST_SP_800-171_R2_3.13.13 NIST SP 800-171 R2 3.13.13 Control and monitor the use of mobile code. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance NIST_SP_800-171_R2_3 .13.13 NIST_SP_800-171_R2_3.13.13 NIST SP 800-171 R2 3.13.13 Control and monitor the use of mobile code. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NIST_SP_800-171_R2_3 .13.13 NIST_SP_800-171_R2_3.13.13 NIST SP 800-171 R2 3.13.13 Control and monitor the use of mobile code. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
68a39c2b-0f17-69ee-37a3-aa10f9853a08 Establish voip usage restrictions Regulatory Compliance NIST_SP_800-171_R2_3 .13.14 NIST_SP_800-171_R2_3.13.14 NIST SP 800-171 R2 3.13.14 Control and monitor the use of Voice over Internet Protocol (VoIP) technologies. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance NIST_SP_800-171_R2_3 .13.14 NIST_SP_800-171_R2_3.13.14 NIST SP 800-171 R2 3.13.14 Control and monitor the use of Voice over Internet Protocol (VoIP) technologies. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance NIST_SP_800-171_R2_3 .13.15 NIST_SP_800-171_R2_3.13.15 NIST SP 800-171 R2 3.13.15 Protect the authenticity of communications sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance NIST_SP_800-171_R2_3 .13.15 NIST_SP_800-171_R2_3.13.15 NIST SP 800-171 R2 3.13.15 Protect the authenticity of communications sessions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring NIST_SP_800-171_R2_3 .13.16 NIST_SP_800-171_R2_3.13.16 NIST SP 800-171 R2 3.13.16 Protect the confidentiality of CUI at rest. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .13.2 NIST_SP_800-171_R2_3.13.2 NIST SP 800-171 R2 3.13.2 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance NIST_SP_800-171_R2_3 .13.3 NIST_SP_800-171_R2_3.13.3 NIST SP 800-171 R2 3.13.3 Separate user functionality from system management functionality. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance NIST_SP_800-171_R2_3 .13.3 NIST_SP_800-171_R2_3.13.3 NIST SP 800-171 R2 3.13.3 Separate user functionality from system management functionality. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-171_R2_3 .13.3 NIST_SP_800-171_R2_3.13.3 NIST SP 800-171 R2 3.13.3 Separate user functionality from system management functionality. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search NIST_SP_800-171_R2_3 .13.5 NIST_SP_800-171_R2_3.13.5 NIST SP 800-171 R2 3.13.5 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-171_R2_3 .13.6 NIST_SP_800-171_R2_3.13.6 NIST SP 800-171 R2 3.13.6 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance NIST_SP_800-171_R2_3 .13.7 NIST_SP_800-171_R2_3.13.7 NIST SP 800-171 R2 3.13.7 Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling). NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance NIST_SP_800-171_R2_3 .13.8 NIST_SP_800-171_R2_3.13.8 NIST SP 800-171 R2 3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance NIST_SP_800-171_R2_3 .13.9 NIST_SP_800-171_R2_3.13.9 NIST SP 800-171 R2 3.13.9 Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .14.1 NIST_SP_800-171_R2_3.14.1 NIST SP 800-171 R2 3.14.1 Identify, report, and correct system flaws in a timely manner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .14.2 NIST_SP_800-171_R2_3.14.2 NIST SP 800-171 R2 3.14.2 Provide protection from malicious code at designated locations within organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.3 NIST_SP_800-171_R2_3.14.3 NIST SP 800-171 R2 3.14.3 Monitor system security alerts and advisories and take action in response. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center NIST_SP_800-171_R2_3 .14.4 NIST_SP_800-171_R2_3.14.4 NIST SP 800-171 R2 3.14.4 Update malicious code protection mechanisms when new releases are available. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center NIST_SP_800-171_R2_3 .14.5 NIST_SP_800-171_R2_3.14.5 NIST SP 800-171 R2 3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center NIST_SP_800-171_R2_3 .14.5 NIST_SP_800-171_R2_3.14.5 NIST SP 800-171 R2 3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute NIST_SP_800-171_R2_3 .14.5 NIST_SP_800-171_R2_3.14.5 NIST SP 800-171 R2 3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute NIST_SP_800-171_R2_3 .14.5 NIST_SP_800-171_R2_3.14.5 NIST SP 800-171 R2 3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.5 NIST_SP_800-171_R2_3.14.5 NIST SP 800-171 R2 3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-171_R2_3 .14.5 NIST_SP_800-171_R2_3.14.5 NIST SP 800-171 R2 3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-171_R2_3 .14.7 NIST_SP_800-171_R2_3.14.7 NIST SP 800-171 R2 3.14.7 Identify unauthorized use of organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance NIST_SP_800-171_R2_3 .2.1 NIST_SP_800-171_R2_3.2.1 NIST SP 800-171 R2 3.2.1 Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance NIST_SP_800-171_R2_3 .2.1 NIST_SP_800-171_R2_3.2.1 NIST SP 800-171 R2 3.2.1 Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance NIST_SP_800-171_R2_3 .2.2 NIST_SP_800-171_R2_3.2.2 NIST SP 800-171 R2 3.2.2 Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance NIST_SP_800-171_R2_3 .2.2 NIST_SP_800-171_R2_3.2.2 NIST SP 800-171 R2 3.2.2 Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
35de8462-03ff-45b3-5746-9d4603c74c56 Implement an insider threat program Regulatory Compliance NIST_SP_800-171_R2_3 .2.3 NIST_SP_800-171_R2_3.2.3 NIST SP 800-171 R2 3.2.3 Provide security awareness training on recognizing and reporting potential indicators of insider threat. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance NIST_SP_800-171_R2_3 .2.3 NIST_SP_800-171_R2_3.2.3 NIST SP 800-171 R2 3.2.3 Provide security awareness training on recognizing and reporting potential indicators of insider threat. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-171_R2_3 .3.1 NIST_SP_800-171_R2_3.3.1 NIST SP 800-171 R2 3.3.1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-171_R2_3 .3.2 NIST_SP_800-171_R2_3.3.2 NIST SP 800-171 R2 3.3.2 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance NIST_SP_800-171_R2_3 .3.3 NIST_SP_800-171_R2_3.3.3 NIST SP 800-171 R2 3.3.3 Review and update logged events. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0f4fa857-079d-9d3d-5c49-21f616189e03 Provide real-time alerts for audit event failures Regulatory Compliance NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Alert in the event of an audit logging process failure. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis Regulatory Compliance NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-171_R2_3 .3.5 NIST_SP_800-171_R2_3.3.5 NIST SP 800-171 R2 3.3.5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance NIST_SP_800-171_R2_3 .3.6 NIST_SP_800-171_R2_3.3.6 NIST SP 800-171 R2 3.3.6 Provide audit record reduction and report generation to support on-demand analysis and reporting. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance NIST_SP_800-171_R2_3 .3.7 NIST_SP_800-171_R2_3.3.7 NIST SP 800-171 R2 3.3.7 Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance NIST_SP_800-171_R2_3 .3.8 NIST_SP_800-171_R2_3.3.8 NIST SP 800-171 R2 3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance NIST_SP_800-171_R2_3 .3.8 NIST_SP_800-171_R2_3.3.8 NIST SP 800-171 R2 3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance NIST_SP_800-171_R2_3 .3.8 NIST_SP_800-171_R2_3.3.8 NIST SP 800-171 R2 3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance NIST_SP_800-171_R2_3 .3.8 NIST_SP_800-171_R2_3.3.8 NIST SP 800-171 R2 3.3.8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance NIST_SP_800-171_R2_3 .3.9 NIST_SP_800-171_R2_3.3.9 NIST SP 800-171 R2 3.3.9 Limit management of audit logging functionality to a subset of privileged users. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance NIST_SP_800-171_R2_3 .4.1 NIST_SP_800-171_R2_3.4.1 NIST SP 800-171 R2 3.4.1 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes NIST_SP_800-171_R2_3 .4.2 NIST_SP_800-171_R2_3.4.2 NIST SP 800-171 R2 3.4.2 Establish and enforce security configuration settings for information technology products employed in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6abdf7c7-362b-3f35-099e-533ed50988f9 Assign information security representative to change control Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-171_R2_3 .4.3 NIST_SP_800-171_R2_3.4.3 NIST SP 800-171 R2 3.4.3 Track, review, approve or disapprove, and log changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-171_R2_3 .4.4 NIST_SP_800-171_R2_3.4.4 NIST SP 800-171 R2 3.4.4 Analyze the security impact of changes prior to implementation. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance NIST_SP_800-171_R2_3 .4.5 NIST_SP_800-171_R2_3.4.5 NIST SP 800-171 R2 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation Regulatory Compliance NIST_SP_800-171_R2_3 .4.5 NIST_SP_800-171_R2_3.4.5 NIST SP 800-171 R2 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance NIST_SP_800-171_R2_3 .4.5 NIST_SP_800-171_R2_3.4.5 NIST SP 800-171 R2 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance NIST_SP_800-171_R2_3 .4.5 NIST_SP_800-171_R2_3.4.5 NIST SP 800-171 R2 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-171_R2_3 .4.5 NIST_SP_800-171_R2_3.4.5 NIST SP 800-171 R2 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance NIST_SP_800-171_R2_3 .4.5 NIST_SP_800-171_R2_3.4.5 NIST SP 800-171 R2 3.4.5 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-171_R2_3 .4.6 NIST_SP_800-171_R2_3.4.6 NIST SP 800-171 R2 3.4.6 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-171_R2_3 .4.6 NIST_SP_800-171_R2_3.4.6 NIST SP 800-171 R2 3.4.6 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-171_R2_3 .4.6 NIST_SP_800-171_R2_3.4.6 NIST SP 800-171 R2 3.4.6 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-171_R2_3 .4.7 NIST_SP_800-171_R2_3.4.7 NIST SP 800-171 R2 3.4.7 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-171_R2_3 .4.7 NIST_SP_800-171_R2_3.4.7 NIST SP 800-171 R2 3.4.7 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-171_R2_3 .4.8 NIST_SP_800-171_R2_3.4.8 NIST SP 800-171 R2 3.4.8 Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-171_R2_3 .4.8 NIST_SP_800-171_R2_3.4.8 NIST SP 800-171 R2 3.4.8 Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-171_R2_3 .4.9 NIST_SP_800-171_R2_3.4.9 NIST SP 800-171 R2 3.4.9 Control and monitor user-installed software. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-171_R2_3 .4.9 NIST_SP_800-171_R2_3.4.9 NIST SP 800-171 R2 3.4.9 Control and monitor user-installed software. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance NIST_SP_800-171_R2_3 .5.1 NIST_SP_800-171_R2_3.5.1 NIST SP 800-171 R2 3.5.1 Identify system users, processes acting on behalf of users, and devices. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-171_R2_3 .5.10 NIST_SP_800-171_R2_3.5.10 NIST SP 800-171 R2 3.5.10 Store and transmit only cryptographically-protected passwords. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance NIST_SP_800-171_R2_3 .5.11 NIST_SP_800-171_R2_3.5.11 NIST SP 800-171 R2 3.5.11 Obscure feedback of authentication information NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.2 NIST_SP_800-171_R2_3.5.2 NIST SP 800-171 R2 3.5.2 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-171_R2_3 .5.3 NIST_SP_800-171_R2_3.5.3 NIST SP 800-171 R2 3.5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-171_R2_3 .5.3 NIST_SP_800-171_R2_3.5.3 NIST SP 800-171 R2 3.5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance NIST_SP_800-171_R2_3 .5.3 NIST_SP_800-171_R2_3.5.3 NIST SP 800-171 R2 3.5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-171_R2_3 .5.3 NIST_SP_800-171_R2_3.5.3 NIST SP 800-171 R2 3.5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-171_R2_3 .5.3 NIST_SP_800-171_R2_3.5.3 NIST SP 800-171 R2 3.5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration NIST_SP_800-171_R2_3 .5.4 NIST_SP_800-171_R2_3.5.4 NIST SP 800-171 R2 3.5.4 Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-171_R2_3 .5.5 NIST_SP_800-171_R2_3.5.5 NIST SP 800-171 R2 3.5.5 Prevent reuse of identifiers for a defined period. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.5 NIST_SP_800-171_R2_3.5.5 NIST SP 800-171 R2 3.5.5 Prevent reuse of identifiers for a defined period. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.5 NIST_SP_800-171_R2_3.5.5 NIST SP 800-171 R2 3.5.5 Prevent reuse of identifiers for a defined period. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-171_R2_3 .5.5 NIST_SP_800-171_R2_3.5.5 NIST SP 800-171 R2 3.5.5 Prevent reuse of identifiers for a defined period. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-171_R2_3 .5.5 NIST_SP_800-171_R2_3.5.5 NIST SP 800-171 R2 3.5.5 Prevent reuse of identifiers for a defined period. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance NIST_SP_800-171_R2_3 .5.5 NIST_SP_800-171_R2_3.5.5 NIST SP 800-171 R2 3.5.5 Prevent reuse of identifiers for a defined period. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NIST_SP_800-171_R2_3 .5.6 NIST_SP_800-171_R2_3.5.6 NIST SP 800-171 R2 3.5.6 Disable identifiers after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.6 NIST_SP_800-171_R2_3.5.6 NIST SP 800-171 R2 3.5.6 Disable identifiers after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-171_R2_3 .5.6 NIST_SP_800-171_R2_3.5.6 NIST SP 800-171 R2 3.5.6 Disable identifiers after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-171_R2_3 .5.6 NIST_SP_800-171_R2_3.5.6 NIST SP 800-171 R2 3.5.6 Disable identifiers after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-171_R2_3 .5.6 NIST_SP_800-171_R2_3.5.6 NIST SP 800-171 R2 3.5.6 Disable identifiers after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-171_R2_3 .5.6 NIST_SP_800-171_R2_3.5.6 NIST SP 800-171 R2 3.5.6 Disable identifiers after a defined period of inactivity. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-171_R2_3 .5.7 NIST_SP_800-171_R2_3.5.7 NIST SP 800-171 R2 3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-171_R2_3 .5.8 NIST_SP_800-171_R2_3.5.8 NIST SP 800-171 R2 3.5.8 Prohibit password reuse for a specified number of generations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration NIST_SP_800-171_R2_3 .5.8 NIST_SP_800-171_R2_3.5.8 NIST SP 800-171 R2 3.5.8 Prohibit password reuse for a specified number of generations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-171_R2_3 .5.8 NIST_SP_800-171_R2_3.5.8 NIST SP 800-171 R2 3.5.8 Prohibit password reuse for a specified number of generations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-171_R2_3 .5.8 NIST_SP_800-171_R2_3.5.8 NIST SP 800-171 R2 3.5.8 Prohibit password reuse for a specified number of generations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective Regulatory Compliance NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-171_R2_3 .6.2 NIST_SP_800-171_R2_3.6.2 NIST SP 800-171 R2 3.6.2 Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-171_R2_3 .6.2 NIST_SP_800-171_R2_3.6.2 NIST SP 800-171 R2 3.6.2 Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-171_R2_3 .6.2 NIST_SP_800-171_R2_3.6.2 NIST SP 800-171 R2 3.6.2 Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance NIST_SP_800-171_R2_3 .6.3 NIST_SP_800-171_R2_3.6.3 NIST SP 800-171 R2 3.6.3 Test the organizational incident response capability. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance NIST_SP_800-171_R2_3 .6.3 NIST_SP_800-171_R2_3.6.3 NIST SP 800-171 R2 3.6.3 Test the organizational incident response capability. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-171_R2_3 .6.3 NIST_SP_800-171_R2_3.6.3 NIST SP 800-171 R2 3.6.3 Test the organizational incident response capability. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.1 NIST_SP_800-171_R2_3.7.1 NIST SP 800-171 R2 3.7.1 Perform maintenance on organizational systems.[26] NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.2 NIST_SP_800-171_R2_3.7.2 NIST SP 800-171 R2 3.7.2 Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .7.2 NIST_SP_800-171_R2_3.7.2 NIST SP 800-171 R2 3.7.2 Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.2 NIST_SP_800-171_R2_3.7.2 NIST SP 800-171 R2 3.7.2 Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-171_R2_3 .7.2 NIST_SP_800-171_R2_3.7.2 NIST SP 800-171 R2 3.7.2 Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.3 NIST_SP_800-171_R2_3.7.3 NIST SP 800-171 R2 3.7.3 Ensure equipment removed for off-site maintenance is sanitized of any CUI. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-171_R2_3 .7.3 NIST_SP_800-171_R2_3.7.3 NIST SP 800-171 R2 3.7.3 Ensure equipment removed for off-site maintenance is sanitized of any CUI. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .7.3 NIST_SP_800-171_R2_3.7.3 NIST SP 800-171 R2 3.7.3 Ensure equipment removed for off-site maintenance is sanitized of any CUI. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.4 NIST_SP_800-171_R2_3.7.4 NIST SP 800-171 R2 3.7.4 Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.4 NIST_SP_800-171_R2_3.7.4 NIST SP 800-171 R2 3.7.4 Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.5 NIST_SP_800-171_R2_3.7.5 NIST SP 800-171 R2 3.7.5 Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance NIST_SP_800-171_R2_3 .7.6 NIST_SP_800-171_R2_3.7.6 NIST SP 800-171 R2 3.7.6 Supervise the maintenance activities of maintenance personnel without required access authorization. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance NIST_SP_800-171_R2_3 .7.6 NIST_SP_800-171_R2_3.7.6 NIST SP 800-171 R2 3.7.6 Supervise the maintenance activities of maintenance personnel without required access authorization. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance NIST_SP_800-171_R2_3 .7.6 NIST_SP_800-171_R2_3.7.6 NIST SP 800-171 R2 3.7.6 Supervise the maintenance activities of maintenance personnel without required access authorization. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.1 NIST_SP_800-171_R2_3.8.1 NIST SP 800-171 R2 3.8.1 Protect (i.e., physically control and securely store) system media containing CUI, both paper and digital. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-171_R2_3 .8.1 NIST_SP_800-171_R2_3.8.1 NIST SP 800-171 R2 3.8.1 Protect (i.e., physically control and securely store) system media containing CUI, both paper and digital. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.2 NIST_SP_800-171_R2_3.8.2 NIST SP 800-171 R2 3.8.2 Limit access to CUI on system media to authorized users NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-171_R2_3 .8.2 NIST_SP_800-171_R2_3.8.2 NIST SP 800-171 R2 3.8.2 Limit access to CUI on system media to authorized users NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-171_R2_3 .8.3 NIST_SP_800-171_R2_3.8.3 NIST SP 800-171 R2 3.8.3 Sanitize or destroy system media containing CUI before disposal or release for reuse. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.3 NIST_SP_800-171_R2_3.8.3 NIST SP 800-171 R2 3.8.3 Sanitize or destroy system media containing CUI before disposal or release for reuse. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.4 NIST_SP_800-171_R2_3.8.4 NIST SP 800-171 R2 3.8.4 Mark media with necessary CUI markings and distribution limitations.[27] NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.5 NIST_SP_800-171_R2_3.8.5 NIST SP 800-171 R2 3.8.5 Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-171_R2_3 .8.5 NIST_SP_800-171_R2_3.8.5 NIST SP 800-171 R2 3.8.5 Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-171_R2_3 .8.6 NIST_SP_800-171_R2_3.8.6 NIST SP 800-171 R2 3.8.6 Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.6 NIST_SP_800-171_R2_3.8.6 NIST SP 800-171 R2 3.8.6 Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance NIST_SP_800-171_R2_3 .8.7 NIST_SP_800-171_R2_3.8.7 NIST SP 800-171 R2 3.8.7 Control the use of removable media on system components. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.7 NIST_SP_800-171_R2_3.8.7 NIST SP 800-171 R2 3.8.7 Control the use of removable media on system components. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-171_R2_3 .8.7 NIST_SP_800-171_R2_3.8.7 NIST SP 800-171 R2 3.8.7 Control the use of removable media on system components. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-171_R2_3 .8.7 NIST_SP_800-171_R2_3.8.7 NIST SP 800-171 R2 3.8.7 Control the use of removable media on system components. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.8 NIST_SP_800-171_R2_3.8.8 NIST SP 800-171 R2 3.8.8 Prohibit the use of portable storage devices when such devices have no identifiable owner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-171_R2_3 .8.8 NIST_SP_800-171_R2_3.8.8 NIST SP 800-171 R2 3.8.8 Prohibit the use of portable storage devices when such devices have no identifiable owner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-171_R2_3 .8.8 NIST_SP_800-171_R2_3.8.8 NIST SP 800-171 R2 3.8.8 Prohibit the use of portable storage devices when such devices have no identifiable owner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance NIST_SP_800-171_R2_3 .8.8 NIST_SP_800-171_R2_3.8.8 NIST SP 800-171 R2 3.8.8 Prohibit the use of portable storage devices when such devices have no identifiable owner. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance NIST_SP_800-171_R2_3 .8.9 NIST_SP_800-171_R2_3.8.9 NIST SP 800-171 R2 3.8.9 Protect the confidentiality of backup CUI at storage locations. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance NIST_SP_800-171_R2_3 .9.1 NIST_SP_800-171_R2_3.9.1 NIST SP 800-171 R2 3.9.1 Screen individuals prior to authorizing access to organizational systems containing CUI. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance NIST_SP_800-171_R2_3 .9.1 NIST_SP_800-171_R2_3.9.1 NIST SP 800-171 R2 3.9.1 Screen individuals prior to authorizing access to organizational systems containing CUI. NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance NIST_SP_800-171_R2_3 .9.2 NIST_SP_800-171_R2_3.9.2 NIST SP 800-171 R2 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers NIST SP 800-171 Rev. 2 (03055927-78bd-4236-86c0-f36125a10dc9)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AC-1 NIST_SP_800-53_R4_AC-1 NIST SP 800-53 Rev. 4 AC-1 Access Control Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-53_R4 AC-1 NIST_SP_800-53_R4_AC-1 NIST SP 800-53 Rev. 4 AC-1 Access Control Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AC-1 NIST_SP_800-53_R4_AC-1 NIST SP 800-53 Rev. 4 AC-1 Access Control Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AC-1 NIST_SP_800-53_R4_AC-1 NIST SP 800-53 Rev. 4 AC-1 Access Control Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d8350d4c-9314-400b-288f-20ddfce04fbd Define and enforce the limit of concurrent sessions Regulatory Compliance NIST_SP_800-53_R4 AC-10 NIST_SP_800-53_R4_AC-10 NIST SP 800-53 Rev. 4 AC-10 Concurrent Session Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance NIST_SP_800-53_R4 AC-12 NIST_SP_800-53_R4_AC-12 NIST SP 800-53 Rev. 4 AC-12 Session Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0471c6b7-1588-701c-2713-1fade73b75f6 Display an explicit logout message Regulatory Compliance NIST_SP_800-53_R4 AC-12(1) NIST_SP_800-53_R4_AC-12(1) NIST SP 800-53 Rev. 4 AC-12 (1) User-Initiated Logouts / Message Displays NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
db580551-0b3c-4ea1-8a4c-4cdb5feb340f Provide the logout capability Regulatory Compliance NIST_SP_800-53_R4 AC-12(1) NIST_SP_800-53_R4_AC-12(1) NIST SP 800-53 Rev. 4 AC-12 (1) User-Initiated Logouts / Message Displays NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance NIST_SP_800-53_R4 AC-14 NIST_SP_800-53_R4_AC-14 NIST SP 800-53 Rev. 4 AC-14 Permitted Actions Without Identification Or Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AC-16 NIST_SP_800-53_R4_AC-16 NIST SP 800-53 Rev. 4 AC-16 Security Attributes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 AC-16 NIST_SP_800-53_R4_AC-16 NIST SP 800-53 Rev. 4 AC-16 Security Attributes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R4 AC-17 NIST_SP_800-53_R4_AC-17 NIST SP 800-53 Rev. 4 AC-17 Remote Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R4 AC-17(1) NIST_SP_800-53_R4_AC-17(1) NIST SP 800-53 Rev. 4 AC-17 (1) Automated Monitoring / Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance NIST_SP_800-53_R4 AC-17(2) NIST_SP_800-53_R4_AC-17(2) NIST SP 800-53 Rev. 4 AC-17 (2) Protection Of Confidentiality / Integrity Using Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R4 AC-17(2) NIST_SP_800-53_R4_AC-17(2) NIST SP 800-53 Rev. 4 AC-17 (2) Protection Of Confidentiality / Integrity Using Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance NIST_SP_800-53_R4 AC-17(3) NIST_SP_800-53_R4_AC-17(3) NIST SP 800-53 Rev. 4 AC-17 (3) Managed Access Control Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-53_R4 AC-17(4) NIST_SP_800-53_R4_AC-17(4) NIST SP 800-53 Rev. 4 AC-17 (4) Privileged Commands / Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands Regulatory Compliance NIST_SP_800-53_R4 AC-17(4) NIST_SP_800-53_R4_AC-17(4) NIST SP 800-53 Rev. 4 AC-17 (4) Privileged Commands / Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance NIST_SP_800-53_R4 AC-17(4) NIST_SP_800-53_R4_AC-17(4) NIST SP 800-53 Rev. 4 AC-17 (4) Privileged Commands / Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-53_R4 AC-17(4) NIST_SP_800-53_R4_AC-17(4) NIST SP 800-53 Rev. 4 AC-17 (4) Privileged Commands / Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance NIST_SP_800-53_R4 AC-17(4) NIST_SP_800-53_R4_AC-17(4) NIST SP 800-53 Rev. 4 AC-17 (4) Privileged Commands / Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4edaca8c-0912-1ac5-9eaa-6a1057740fae Provide capability to disconnect or disable remote access Regulatory Compliance NIST_SP_800-53_R4 AC-17(9) NIST_SP_800-53_R4_AC-17(9) NIST SP 800-53 Rev. 4 AC-17 (9) Disconnect / Disable Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance NIST_SP_800-53_R4 AC-18 NIST_SP_800-53_R4_AC-18 NIST SP 800-53 Rev. 4 AC-18 Wireless Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance NIST_SP_800-53_R4 AC-18 NIST_SP_800-53_R4_AC-18 NIST SP 800-53 Rev. 4 AC-18 Wireless Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance NIST_SP_800-53_R4 AC-18(1) NIST_SP_800-53_R4_AC-18(1) NIST SP 800-53 Rev. 4 AC-18 (1) Authentication And Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance NIST_SP_800-53_R4 AC-18(1) NIST_SP_800-53_R4_AC-18(1) NIST SP 800-53 Rev. 4 AC-18 (1) Authentication And Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance NIST_SP_800-53_R4 AC-18(1) NIST_SP_800-53_R4_AC-18(1) NIST SP 800-53 Rev. 4 AC-18 (1) Authentication And Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance NIST_SP_800-53_R4 AC-19 NIST_SP_800-53_R4_AC-19 NIST SP 800-53 Rev. 4 AC-19 Access Control For Mobile Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance NIST_SP_800-53_R4 AC-19(5) NIST_SP_800-53_R4_AC-19(5) NIST SP 800-53 Rev. 4 AC-19 (5) Full Device / Container-Based Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R4 AC-19(5) NIST_SP_800-53_R4_AC-19(5) NIST SP 800-53 Rev. 4 AC-19 (5) Full Device / Container-Based Encryption NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2 NIST_SP_800-53_R4_AC-2 NIST SP 800-53 Rev. 4 AC-2 Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R4 AC-2(1) NIST_SP_800-53_R4_AC-2(1) NIST SP 800-53 Rev. 4 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance NIST_SP_800-53_R4 AC-2(10) NIST_SP_800-53_R4_AC-2(10) NIST SP 800-53 Rev. 4 AC-2 (10) Shared / Group Account Credential Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fd81a1b3-2d7a-107c-507e-29b87d040c19 Enforce appropriate usage of all accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2(11) NIST_SP_800-53_R4_AC-2(11) NIST SP 800-53 Rev. 4 AC-2 (11) Usage Conditions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 AC-2(12) NIST_SP_800-53_R4_AC-2(12) NIST SP 800-53 Rev. 4 AC-2 (12) Account Monitoring / Atypical Usage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22c16ae4-19d0-29cb-422f-cb44061180ee Disable user accounts posing a significant risk Regulatory Compliance NIST_SP_800-53_R4 AC-2(13) NIST_SP_800-53_R4_AC-2(13) NIST SP 800-53 Rev. 4 AC-2 (13) Disable Accounts For High-Risk Individuals NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance NIST_SP_800-53_R4 AC-2(3) NIST_SP_800-53_R4_AC-2(3) NIST SP 800-53 Rev. 4 AC-2 (3) Disable Inactive Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-53_R4 AC-2(3) NIST_SP_800-53_R4_AC-2(3) NIST SP 800-53 Rev. 4 AC-2 (3) Disable Inactive Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance NIST_SP_800-53_R4 AC-2(4) NIST_SP_800-53_R4_AC-2(4) NIST SP 800-53 Rev. 4 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R4 AC-2(4) NIST_SP_800-53_R4_AC-2(4) NIST SP 800-53 Rev. 4 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance NIST_SP_800-53_R4 AC-2(4) NIST_SP_800-53_R4_AC-2(4) NIST SP 800-53 Rev. 4 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2(4) NIST_SP_800-53_R4_AC-2(4) NIST SP 800-53 Rev. 4 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-53_R4 AC-2(4) NIST_SP_800-53_R4_AC-2(4) NIST SP 800-53 Rev. 4 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2af4640d-11a6-a64b-5ceb-a468f4341c0c Define and enforce inactivity log policy Regulatory Compliance NIST_SP_800-53_R4 AC-2(5) NIST_SP_800-53_R4_AC-2(5) NIST SP 800-53 Rev. 4 AC-2 (5) Inactivity Logout NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance NIST_SP_800-53_R4 AC-2(7) NIST_SP_800-53_R4_AC-2(7) NIST SP 800-53 Rev. 4 AC-2 (7) Role-Based Schemes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance NIST_SP_800-53_R4 AC-2(9) NIST_SP_800-53_R4_AC-2(9) NIST SP 800-53 Rev. 4 AC-2 (9) Restrictions On Use Of Shared Groups / Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance NIST_SP_800-53_R4 AC-20 NIST_SP_800-53_R4_AC-20 NIST SP 800-53 Rev. 4 AC-20 Use Of External Information Systems NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance NIST_SP_800-53_R4 AC-20 NIST_SP_800-53_R4_AC-20 NIST SP 800-53 Rev. 4 AC-20 Use Of External Information Systems NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance NIST_SP_800-53_R4 AC-20(1) NIST_SP_800-53_R4_AC-20(1) NIST SP 800-53 Rev. 4 AC-20 (1) Limits On Authorized Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 AC-20(2) NIST_SP_800-53_R4_AC-20(2) NIST SP 800-53 Rev. 4 AC-20 (2) Portable Storage Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 AC-20(2) NIST_SP_800-53_R4_AC-20(2) NIST SP 800-53 Rev. 4 AC-20 (2) Portable Storage Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-53_R4 AC-20(2) NIST_SP_800-53_R4_AC-20(2) NIST SP 800-53 Rev. 4 AC-20 (2) Portable Storage Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing Regulatory Compliance NIST_SP_800-53_R4 AC-21 NIST_SP_800-53_R4_AC-21 NIST SP 800-53 Rev. 4 AC-21 Information Sharing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions Regulatory Compliance NIST_SP_800-53_R4 AC-21 NIST_SP_800-53_R4_AC-21 NIST SP 800-53 Rev. 4 AC-21 Information Sharing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information Regulatory Compliance NIST_SP_800-53_R4 AC-22 NIST_SP_800-53_R4_AC-22 NIST SP 800-53 Rev. 4 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information Regulatory Compliance NIST_SP_800-53_R4 AC-22 NIST_SP_800-53_R4_AC-22 NIST SP 800-53 Rev. 4 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance NIST_SP_800-53_R4 AC-22 NIST_SP_800-53_R4_AC-22 NIST SP 800-53 Rev. 4 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance NIST_SP_800-53_R4 AC-22 NIST_SP_800-53_R4_AC-22 NIST SP 800-53 Rev. 4 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance NIST_SP_800-53_R4 AC-3 NIST_SP_800-53_R4_AC-3 NIST SP 800-53 Rev. 4 AC-3 Access Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center NIST_SP_800-53_R4 AC-3(7) NIST_SP_800-53_R4_AC-3(7) NIST SP 800-53 Rev. 4 AC-3 (7) Role-based Access Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R4 AC-4 NIST_SP_800-53_R4_AC-4 NIST SP 800-53 Rev. 4 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance NIST_SP_800-53_R4 AC-4(21) NIST_SP_800-53_R4_AC-4(21) NIST SP 800-53 Rev. 4 AC-4 (21) Physical / Logical Separation Of Information Flows NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance NIST_SP_800-53_R4 AC-4(21) NIST_SP_800-53_R4_AC-4(21) NIST SP 800-53 Rev. 4 AC-4 (21) Physical / Logical Separation Of Information Flows NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance NIST_SP_800-53_R4 AC-4(21) NIST_SP_800-53_R4_AC-4(21) NIST SP 800-53 Rev. 4 AC-4 (21) Physical / Logical Separation Of Information Flows NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance NIST_SP_800-53_R4 AC-4(21) NIST_SP_800-53_R4_AC-4(21) NIST SP 800-53 Rev. 4 AC-4 (21) Physical / Logical Separation Of Information Flows NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NIST_SP_800-53_R4 AC-4(3) NIST_SP_800-53_R4_AC-4(3) NIST SP 800-53 Rev. 4 AC-4 (3) Dynamic Information Flow Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R4 AC-4(3) NIST_SP_800-53_R4_AC-4(3) NIST SP 800-53 Rev. 4 AC-4 (3) Dynamic Information Flow Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance NIST_SP_800-53_R4 AC-4(8) NIST_SP_800-53_R4_AC-4(8) NIST SP 800-53 Rev. 4 AC-4 (8) Security Policy Filters NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance NIST_SP_800-53_R4 AC-5 NIST_SP_800-53_R4_AC-5 NIST SP 800-53 Rev. 4 AC-5 Separation Of Duties NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance NIST_SP_800-53_R4 AC-5 NIST_SP_800-53_R4_AC-5 NIST SP 800-53 Rev. 4 AC-5 Separation Of Duties NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center NIST_SP_800-53_R4 AC-5 NIST_SP_800-53_R4_AC-5 NIST SP 800-53 Rev. 4 AC-5 Separation Of Duties NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance NIST_SP_800-53_R4 AC-5 NIST_SP_800-53_R4_AC-5 NIST SP 800-53 Rev. 4 AC-5 Separation Of Duties NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance NIST_SP_800-53_R4 AC-6 NIST_SP_800-53_R4_AC-6 NIST SP 800-53 Rev. 4 AC-6 Least Privilege NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R4 AC-6 NIST_SP_800-53_R4_AC-6 NIST SP 800-53 Rev. 4 AC-6 Least Privilege NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-53_R4 AC-6 NIST_SP_800-53_R4_AC-6 NIST SP 800-53 Rev. 4 AC-6 Least Privilege NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance NIST_SP_800-53_R4 AC-6 NIST_SP_800-53_R4_AC-6 NIST SP 800-53 Rev. 4 AC-6 Least Privilege NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-53_R4 AC-6(1) NIST_SP_800-53_R4_AC-6(1) NIST SP 800-53 Rev. 4 AC-6 (1) Authorize Access To Security Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance NIST_SP_800-53_R4 AC-6(1) NIST_SP_800-53_R4_AC-6(1) NIST SP 800-53 Rev. 4 AC-6 (1) Authorize Access To Security Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance NIST_SP_800-53_R4 AC-6(1) NIST_SP_800-53_R4_AC-6(1) NIST SP 800-53 Rev. 4 AC-6 (1) Authorize Access To Security Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R4 AC-6(5) NIST_SP_800-53_R4_AC-6(5) NIST SP 800-53 Rev. 4 AC-6 (5) Privileged Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance NIST_SP_800-53_R4 AC-6(7) NIST_SP_800-53_R4_AC-6(7) NIST SP 800-53 Rev. 4 AC-6 (7) Review Of User Privileges NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R4 AC-6(7) NIST_SP_800-53_R4_AC-6(7) NIST SP 800-53 Rev. 4 AC-6 (7) Review Of User Privileges NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-53_R4 AC-6(7) NIST_SP_800-53_R4_AC-6(7) NIST SP 800-53 Rev. 4 AC-6 (7) Review Of User Privileges NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance NIST_SP_800-53_R4 AC-6(7) NIST_SP_800-53_R4_AC-6(7) NIST SP 800-53 Rev. 4 AC-6 (7) Review Of User Privileges NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance NIST_SP_800-53_R4 AC-6(8) NIST_SP_800-53_R4_AC-6(8) NIST SP 800-53 Rev. 4 AC-6 (8) Privilege Levels For Code Execution NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R4 AC-6(9) NIST_SP_800-53_R4_AC-6(9) NIST SP 800-53 Rev. 4 AC-6 (9) Auditing Use Of Privileged Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-53_R4 AC-6(9) NIST_SP_800-53_R4_AC-6(9) NIST SP 800-53 Rev. 4 AC-6 (9) Auditing Use Of Privileged Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance NIST_SP_800-53_R4 AC-6(9) NIST_SP_800-53_R4_AC-6(9) NIST SP 800-53 Rev. 4 AC-6 (9) Auditing Use Of Privileged Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R4 AC-6(9) NIST_SP_800-53_R4_AC-6(9) NIST SP 800-53 Rev. 4 AC-6 (9) Auditing Use Of Privileged Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance NIST_SP_800-53_R4 AC-6(9) NIST_SP_800-53_R4_AC-6(9) NIST SP 800-53 Rev. 4 AC-6 (9) Auditing Use Of Privileged Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance NIST_SP_800-53_R4 AC-6(9) NIST_SP_800-53_R4_AC-6(9) NIST SP 800-53 Rev. 4 AC-6 (9) Auditing Use Of Privileged Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance NIST_SP_800-53_R4 AC-7 NIST_SP_800-53_R4_AC-7 NIST SP 800-53 Rev. 4 AC-7 Unsuccessful Logon Attempts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-53_R4 AT-1 NIST_SP_800-53_R4_AT-1 NIST SP 800-53 Rev. 4 AT-1 Security Awareness And Training Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance NIST_SP_800-53_R4 AT-1 NIST_SP_800-53_R4_AT-1 NIST SP 800-53 Rev. 4 AT-1 Security Awareness And Training Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance NIST_SP_800-53_R4 AT-2 NIST_SP_800-53_R4_AT-2 NIST SP 800-53 Rev. 4 AT-2 Security Awareness Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance NIST_SP_800-53_R4 AT-2 NIST_SP_800-53_R4_AT-2 NIST SP 800-53 Rev. 4 AT-2 Security Awareness Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance NIST_SP_800-53_R4 AT-2 NIST_SP_800-53_R4_AT-2 NIST SP 800-53 Rev. 4 AT-2 Security Awareness Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance NIST_SP_800-53_R4 AT-2(2) NIST_SP_800-53_R4_AT-2(2) NIST SP 800-53 Rev. 4 AT-2 (2) Insider Threat NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance NIST_SP_800-53_R4 AT-3 NIST_SP_800-53_R4_AT-3 NIST SP 800-53 Rev. 4 AT-3 Role-Based Security Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance NIST_SP_800-53_R4 AT-3 NIST_SP_800-53_R4_AT-3 NIST SP 800-53 Rev. 4 AT-3 Role-Based Security Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance NIST_SP_800-53_R4 AT-3 NIST_SP_800-53_R4_AT-3 NIST SP 800-53 Rev. 4 AT-3 Role-Based Security Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance NIST_SP_800-53_R4 AT-3(3) NIST_SP_800-53_R4_AT-3(3) NIST SP 800-53 Rev. 4 AT-3 (3) Practical Exercises NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance NIST_SP_800-53_R4 AT-3(4) NIST_SP_800-53_R4_AT-3(4) NIST SP 800-53 Rev. 4 AT-3 (4) Suspicious Communications And Anomalous System Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance NIST_SP_800-53_R4 AT-4 NIST_SP_800-53_R4_AT-4 NIST SP 800-53 Rev. 4 AT-4 Security Training Records NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance NIST_SP_800-53_R4 AT-4 NIST_SP_800-53_R4_AT-4 NIST SP 800-53 Rev. 4 AT-4 Security Training Records NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance NIST_SP_800-53_R4 AT-4 NIST_SP_800-53_R4_AT-4 NIST SP 800-53 Rev. 4 AT-4 Security Training Records NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AU-1 NIST_SP_800-53_R4_AU-1 NIST SP 800-53 Rev. 4 AU-1 Audit And Accountability Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-53_R4 AU-1 NIST_SP_800-53_R4_AU-1 NIST SP 800-53 Rev. 4 AU-1 Audit And Accountability Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AU-1 NIST_SP_800-53_R4_AU-1 NIST SP 800-53 Rev. 4 AU-1 Audit And Accountability Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AU-1 NIST_SP_800-53_R4_AU-1 NIST SP 800-53 Rev. 4 AU-1 Audit And Accountability Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance NIST_SP_800-53_R4 AU-10 NIST_SP_800-53_R4_AU-10 NIST SP 800-53 Rev. 4 AU-10 Non-Repudiation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AU-11 NIST_SP_800-53_R4_AU-11 NIST SP 800-53 Rev. 4 AU-11 Audit Record Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance NIST_SP_800-53_R4 AU-11 NIST_SP_800-53_R4_AU-11 NIST SP 800-53 Rev. 4 AU-11 Audit Record Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL NIST_SP_800-53_R4 AU-11 NIST_SP_800-53_R4_AU-11 NIST SP 800-53 Rev. 4 AU-11 Audit Record Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance NIST_SP_800-53_R4 AU-11 NIST_SP_800-53_R4_AU-11 NIST SP 800-53 Rev. 4 AU-11 Audit Record Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 AU-12 NIST_SP_800-53_R4_AU-12 NIST SP 800-53 Rev. 4 AU-12 Audit Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R4 AU-12(1) NIST_SP_800-53_R4_AU-12(1) NIST SP 800-53 Rev. 4 AU-12 (1) System-Wide / Time-Correlated Audit Trail NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d200f199-69f4-95a6-90b0-37ff0cf1040c Provide the capability to extend or limit auditing on customer-deployed resources Regulatory Compliance NIST_SP_800-53_R4 AU-12(3) NIST_SP_800-53_R4_AU-12(3) NIST SP 800-53 Rev. 4 AU-12 (3) Changes By Authorized Individuals NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R4 AU-2 NIST_SP_800-53_R4_AU-2 NIST SP 800-53 Rev. 4 AU-2 Audit Events NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance NIST_SP_800-53_R4 AU-2(3) NIST_SP_800-53_R4_AU-2(3) NIST SP 800-53 Rev. 4 AU-2 (3) Reviews And Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R4 AU-3 NIST_SP_800-53_R4_AU-3 NIST SP 800-53 Rev. 4 AU-3 Content Of Audit Records NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance NIST_SP_800-53_R4 AU-3(1) NIST_SP_800-53_R4_AU-3(1) NIST SP 800-53 Rev. 4 AU-3 (1) Additional Audit Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance NIST_SP_800-53_R4 AU-4 NIST_SP_800-53_R4_AU-4 NIST SP 800-53 Rev. 4 AU-4 Audit Storage Capacity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance NIST_SP_800-53_R4 AU-5 NIST_SP_800-53_R4_AU-5 NIST SP 800-53 Rev. 4 AU-5 Response To Audit Processing Failures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0f4fa857-079d-9d3d-5c49-21f616189e03 Provide real-time alerts for audit event failures Regulatory Compliance NIST_SP_800-53_R4 AU-5(2) NIST_SP_800-53_R4_AU-5(2) NIST SP 800-53 Rev. 4 AU-5 (2) Real-Time Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R4 AU-6 NIST_SP_800-53_R4_AU-6 NIST SP 800-53 Rev. 4 AU-6 Audit Review, Analysis, And Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-53_R4 AU-6(1) NIST_SP_800-53_R4_AU-6(1) NIST SP 800-53 Rev. 4 AU-6 (1) Process Integration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
de251b09-4a5e-1204-4bef-62ac58d47999 Adjust level of audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R4 AU-6(10) NIST_SP_800-53_R4_AU-6(10) NIST SP 800-53 Rev. 4 AU-6 (10) Audit Level Adjustment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R4 AU-6(3) NIST_SP_800-53_R4_AU-6(3) NIST SP 800-53 Rev. 4 AU-6 (3) Correlate Audit Repositories NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R4 AU-6(3) NIST_SP_800-53_R4_AU-6(3) NIST SP 800-53 Rev. 4 AU-6 (3) Correlate Audit Repositories NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R4 AU-6(4) NIST_SP_800-53_R4_AU-6(4) NIST SP 800-53 Rev. 4 AU-6 (4) Central Review And Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis Regulatory Compliance NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R4 AU-6(5) NIST_SP_800-53_R4_AU-6(5) NIST SP 800-53 Rev. 4 AU-6 (5) Integration / Scanning And Monitoring Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3eecf628-a1c8-1b48-1b5c-7ca781e97970 Specify permitted actions associated with customer audit information Regulatory Compliance NIST_SP_800-53_R4 AU-6(7) NIST_SP_800-53_R4_AU-6(7) NIST SP 800-53 Rev. 4 AU-6 (7) Permitted Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance NIST_SP_800-53_R4 AU-7 NIST_SP_800-53_R4_AU-7 NIST SP 800-53 Rev. 4 AU-7 Audit Reduction And Report Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance NIST_SP_800-53_R4 AU-7 NIST_SP_800-53_R4_AU-7 NIST SP 800-53 Rev. 4 AU-7 Audit Reduction And Report Generation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance NIST_SP_800-53_R4 AU-7(1) NIST_SP_800-53_R4_AU-7(1) NIST SP 800-53 Rev. 4 AU-7 (1) Automatic Processing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance NIST_SP_800-53_R4 AU-8 NIST_SP_800-53_R4_AU-8 NIST SP 800-53 Rev. 4 AU-8 Time Stamps NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance NIST_SP_800-53_R4 AU-8(1) NIST_SP_800-53_R4_AU-8(1) NIST SP 800-53 Rev. 4 AU-8 (1) Synchronization With Authoritative Time Source NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance NIST_SP_800-53_R4 AU-9 NIST_SP_800-53_R4_AU-9 NIST SP 800-53 Rev. 4 AU-9 Protection Of Audit Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance NIST_SP_800-53_R4 AU-9 NIST_SP_800-53_R4_AU-9 NIST SP 800-53 Rev. 4 AU-9 Protection Of Audit Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance NIST_SP_800-53_R4 AU-9(2) NIST_SP_800-53_R4_AU-9(2) NIST SP 800-53 Rev. 4 AU-9 (2) Audit Backup On Separate Physical Systems / Components NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance NIST_SP_800-53_R4 AU-9(3) NIST_SP_800-53_R4_AU-9(3) NIST SP 800-53 Rev. 4 AU-9 (3) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance NIST_SP_800-53_R4 AU-9(4) NIST_SP_800-53_R4_AU-9(4) NIST SP 800-53 Rev. 4 AU-9 (4) Access By Subset Of Privileged Users NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance NIST_SP_800-53_R4 CA-1 NIST_SP_800-53_R4_CA-1 NIST SP 800-53 Rev. 4 CA-1 Security Assessment And Authorization Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance NIST_SP_800-53_R4 CA-2 NIST_SP_800-53_R4_CA-2 NIST SP 800-53 Rev. 4 CA-2 Security Assessments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance NIST_SP_800-53_R4 CA-2 NIST_SP_800-53_R4_CA-2 NIST SP 800-53 Rev. 4 CA-2 Security Assessments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance NIST_SP_800-53_R4 CA-2 NIST_SP_800-53_R4_CA-2 NIST SP 800-53 Rev. 4 CA-2 Security Assessments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance NIST_SP_800-53_R4 CA-2 NIST_SP_800-53_R4_CA-2 NIST SP 800-53 Rev. 4 CA-2 Security Assessments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance NIST_SP_800-53_R4 CA-2(1) NIST_SP_800-53_R4_CA-2(1) NIST SP 800-53 Rev. 4 CA-2 (1) Independent Assessors NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance NIST_SP_800-53_R4 CA-2(2) NIST_SP_800-53_R4_CA-2(2) NIST SP 800-53 Rev. 4 CA-2 (2) Specialized Assessments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance NIST_SP_800-53_R4 CA-2(3) NIST_SP_800-53_R4_CA-2(3) NIST SP 800-53 Rev. 4 CA-2 (3) External Organizations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance NIST_SP_800-53_R4 CA-3 NIST_SP_800-53_R4_CA-3 NIST SP 800-53 Rev. 4 CA-3 System Interconnections NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance NIST_SP_800-53_R4 CA-3 NIST_SP_800-53_R4_CA-3 NIST SP 800-53 Rev. 4 CA-3 System Interconnections NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R4 CA-3(3) NIST_SP_800-53_R4_CA-3(3) NIST SP 800-53 Rev. 4 CA-3 (3) Unclassified Non-National Security System Connections NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections Regulatory Compliance NIST_SP_800-53_R4 CA-3(5) NIST_SP_800-53_R4_CA-3(5) NIST SP 800-53 Rev. 4 CA-3 (5) Restrictions On External System Connections NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance NIST_SP_800-53_R4 CA-5 NIST_SP_800-53_R4_CA-5 NIST SP 800-53 Rev. 4 CA-5 Plan Of Action And Milestones NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance NIST_SP_800-53_R4 CA-5 NIST_SP_800-53_R4_CA-5 NIST SP 800-53 Rev. 4 CA-5 Plan Of Action And Milestones NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance NIST_SP_800-53_R4 CA-6 NIST_SP_800-53_R4_CA-6 NIST SP 800-53 Rev. 4 CA-6 Security Authorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance NIST_SP_800-53_R4 CA-6 NIST_SP_800-53_R4_CA-6 NIST SP 800-53 Rev. 4 CA-6 Security Authorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
449ebb52-945b-36e5-3446-af6f33770f8f Update the security authorization Regulatory Compliance NIST_SP_800-53_R4 CA-6 NIST_SP_800-53_R4_CA-6 NIST SP 800-53 Rev. 4 CA-6 Security Authorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance NIST_SP_800-53_R4 CA-7 NIST_SP_800-53_R4_CA-7 NIST SP 800-53 Rev. 4 CA-7 Continuous Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance NIST_SP_800-53_R4 CA-7 NIST_SP_800-53_R4_CA-7 NIST SP 800-53 Rev. 4 CA-7 Continuous Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance NIST_SP_800-53_R4 CA-7 NIST_SP_800-53_R4_CA-7 NIST SP 800-53 Rev. 4 CA-7 Continuous Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring Regulatory Compliance NIST_SP_800-53_R4 CA-7(1) NIST_SP_800-53_R4_CA-7(1) NIST SP 800-53 Rev. 4 CA-7 (1) Independent Assessment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6a379d74-903b-244a-4c44-838728bea6b0 Analyse data obtained from continuous monitoring Regulatory Compliance NIST_SP_800-53_R4 CA-7(3) NIST_SP_800-53_R4_CA-7(3) NIST SP 800-53 Rev. 4 CA-7 (3) Trend Analyses NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance NIST_SP_800-53_R4 CA-8(1) NIST_SP_800-53_R4_CA-8(1) NIST SP 800-53 Rev. 4 CA-8 (1) Independent Penetration Agent Or Team NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance NIST_SP_800-53_R4 CA-9 NIST_SP_800-53_R4_CA-9 NIST SP 800-53 Rev. 4 CA-9 Internal System Connections NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance NIST_SP_800-53_R4 CM-1 NIST_SP_800-53_R4_CM-1 NIST SP 800-53 Rev. 4 CM-1 Configuration Management Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance NIST_SP_800-53_R4 CM-10 NIST_SP_800-53_R4_CM-10 NIST SP 800-53 Rev. 4 CM-10 Software Usage Restrictions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance NIST_SP_800-53_R4 CM-10 NIST_SP_800-53_R4_CM-10 NIST SP 800-53 Rev. 4 CM-10 Software Usage Restrictions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-53_R4 CM-10 NIST_SP_800-53_R4_CM-10 NIST SP 800-53 Rev. 4 CM-10 Software Usage Restrictions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-53_R4 CM-10 NIST_SP_800-53_R4_CM-10 NIST SP 800-53 Rev. 4 CM-10 Software Usage Restrictions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance NIST_SP_800-53_R4 CM-10(1) NIST_SP_800-53_R4_CM-10(1) NIST SP 800-53 Rev. 4 CM-10 (1) Open Source Software NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-53_R4 CM-11 NIST_SP_800-53_R4_CM-11 NIST SP 800-53 Rev. 4 CM-11 User-Installed Software NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-53_R4 CM-11 NIST_SP_800-53_R4_CM-11 NIST SP 800-53 Rev. 4 CM-11 User-Installed Software NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance NIST_SP_800-53_R4 CM-2 NIST_SP_800-53_R4_CM-2 NIST SP 800-53 Rev. 4 CM-2 Baseline Configuration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-53_R4 CM-2 NIST_SP_800-53_R4_CM-2 NIST SP 800-53 Rev. 4 CM-2 Baseline Configuration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R4 CM-2 NIST_SP_800-53_R4_CM-2 NIST SP 800-53 Rev. 4 CM-2 Baseline Configuration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-53_R4 CM-2 NIST_SP_800-53_R4_CM-2 NIST SP 800-53 Rev. 4 CM-2 Baseline Configuration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance NIST_SP_800-53_R4 CM-2 NIST_SP_800-53_R4_CM-2 NIST SP 800-53 Rev. 4 CM-2 Baseline Configuration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-53_R4 CM-2 NIST_SP_800-53_R4_CM-2 NIST SP 800-53 Rev. 4 CM-2 Baseline Configuration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-53_R4 CM-2(2) NIST_SP_800-53_R4_CM-2(2) NIST SP 800-53 Rev. 4 CM-2 (2) Automation Support For Accuracy / Currency NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R4 CM-2(2) NIST_SP_800-53_R4_CM-2(2) NIST SP 800-53 Rev. 4 CM-2 (2) Automation Support For Accuracy / Currency NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-53_R4 CM-2(2) NIST_SP_800-53_R4_CM-2(2) NIST SP 800-53 Rev. 4 CM-2 (2) Automation Support For Accuracy / Currency NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance NIST_SP_800-53_R4 CM-2(2) NIST_SP_800-53_R4_CM-2(2) NIST SP 800-53 Rev. 4 CM-2 (2) Automation Support For Accuracy / Currency NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance NIST_SP_800-53_R4 CM-2(2) NIST_SP_800-53_R4_CM-2(2) NIST SP 800-53 Rev. 4 CM-2 (2) Automation Support For Accuracy / Currency NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-53_R4 CM-2(2) NIST_SP_800-53_R4_CM-2(2) NIST SP 800-53 Rev. 4 CM-2 (2) Automation Support For Accuracy / Currency NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance NIST_SP_800-53_R4 CM-2(3) NIST_SP_800-53_R4_CM-2(3) NIST SP 800-53 Rev. 4 CM-2 (3) Retention Of Previous Configurations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance NIST_SP_800-53_R4 CM-2(7) NIST_SP_800-53_R4_CM-2(7) NIST SP 800-53 Rev. 4 CM-2 (7) Configure Systems, Components, Or Devices For High-Risk Areas NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance NIST_SP_800-53_R4 CM-2(7) NIST_SP_800-53_R4_CM-2(7) NIST SP 800-53 Rev. 4 CM-2 (7) Configure Systems, Components, Or Devices For High-Risk Areas NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R4 CM-3 NIST_SP_800-53_R4_CM-3 NIST SP 800-53 Rev. 4 CM-3 Configuration Change Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance NIST_SP_800-53_R4 CM-3(1) NIST_SP_800-53_R4_CM-3(1) NIST SP 800-53 Rev. 4 CM-3 (1) Automated Document / Notification / Prohibition Of Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance NIST_SP_800-53_R4 CM-3(1) NIST_SP_800-53_R4_CM-3(1) NIST SP 800-53 Rev. 4 CM-3 (1) Automated Document / Notification / Prohibition Of Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance NIST_SP_800-53_R4 CM-3(1) NIST_SP_800-53_R4_CM-3(1) NIST SP 800-53 Rev. 4 CM-3 (1) Automated Document / Notification / Prohibition Of Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance NIST_SP_800-53_R4 CM-3(1) NIST_SP_800-53_R4_CM-3(1) NIST SP 800-53 Rev. 4 CM-3 (1) Automated Document / Notification / Prohibition Of Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance NIST_SP_800-53_R4 CM-3(1) NIST_SP_800-53_R4_CM-3(1) NIST SP 800-53 Rev. 4 CM-3 (1) Automated Document / Notification / Prohibition Of Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance NIST_SP_800-53_R4 CM-3(1) NIST_SP_800-53_R4_CM-3(1) NIST SP 800-53 Rev. 4 CM-3 (1) Automated Document / Notification / Prohibition Of Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R4 CM-3(2) NIST_SP_800-53_R4_CM-3(2) NIST SP 800-53 Rev. 4 CM-3 (2) Test / Validate / Document Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R4 CM-3(2) NIST_SP_800-53_R4_CM-3(2) NIST SP 800-53 Rev. 4 CM-3 (2) Test / Validate / Document Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R4 CM-3(2) NIST_SP_800-53_R4_CM-3(2) NIST SP 800-53 Rev. 4 CM-3 (2) Test / Validate / Document Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6abdf7c7-362b-3f35-099e-533ed50988f9 Assign information security representative to change control Regulatory Compliance NIST_SP_800-53_R4 CM-3(4) NIST_SP_800-53_R4_CM-3(4) NIST SP 800-53 Rev. 4 CM-3 (4) Security Representative NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance NIST_SP_800-53_R4 CM-3(6) NIST_SP_800-53_R4_CM-3(6) NIST SP 800-53 Rev. 4 CM-3 (6) Cryptography Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-53_R4 CM-4 NIST_SP_800-53_R4_CM-4 NIST SP 800-53 Rev. 4 CM-4 Security Impact Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R4 CM-4(1) NIST_SP_800-53_R4_CM-4(1) NIST SP 800-53 Rev. 4 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-53_R4 CM-4(1) NIST_SP_800-53_R4_CM-4(1) NIST SP 800-53 Rev. 4 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R4 CM-4(1) NIST_SP_800-53_R4_CM-4(1) NIST SP 800-53 Rev. 4 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R4 CM-4(1) NIST_SP_800-53_R4_CM-4(1) NIST SP 800-53 Rev. 4 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-53_R4 CM-4(1) NIST_SP_800-53_R4_CM-4(1) NIST SP 800-53 Rev. 4 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R4 CM-5 NIST_SP_800-53_R4_CM-5 NIST SP 800-53 Rev. 4 CM-5 Access Restrictions For Change NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance NIST_SP_800-53_R4 CM-5(1) NIST_SP_800-53_R4_CM-5(1) NIST SP 800-53 Rev. 4 CM-5 (1) Automated Access Enforcement / Auditing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance NIST_SP_800-53_R4 CM-5(2) NIST_SP_800-53_R4_CM-5(2) NIST SP 800-53 Rev. 4 CM-5 (2) Review System Changes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation Regulatory Compliance NIST_SP_800-53_R4 CM-5(3) NIST_SP_800-53_R4_CM-5(3) NIST SP 800-53 Rev. 4 CM-5 (3) Signed Components NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance NIST_SP_800-53_R4 CM-5(5) NIST_SP_800-53_R4_CM-5(5) NIST SP 800-53 Rev. 4 CM-5 (5) Limit Production / Operational Privileges NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance NIST_SP_800-53_R4 CM-5(5) NIST_SP_800-53_R4_CM-5(5) NIST SP 800-53 Rev. 4 CM-5 (5) Limit Production / Operational Privileges NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R4 CM-6 NIST_SP_800-53_R4_CM-6 NIST SP 800-53 Rev. 4 CM-6 Configuration Settings NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R4 CM-6(1) NIST_SP_800-53_R4_CM-6(1) NIST SP 800-53 Rev. 4 CM-6 (1) Automated Central Management / Application / Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance NIST_SP_800-53_R4 CM-6(1) NIST_SP_800-53_R4_CM-6(1) NIST SP 800-53 Rev. 4 CM-6 (1) Automated Central Management / Application / Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance NIST_SP_800-53_R4 CM-6(1) NIST_SP_800-53_R4_CM-6(1) NIST SP 800-53 Rev. 4 CM-6 (1) Automated Central Management / Application / Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 CM-7 NIST_SP_800-53_R4_CM-7 NIST SP 800-53 Rev. 4 CM-7 Least Functionality NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-53_R4 CM-7 NIST_SP_800-53_R4_CM-7 NIST SP 800-53 Rev. 4 CM-7 Least Functionality NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-53_R4 CM-7 NIST_SP_800-53_R4_CM-7 NIST SP 800-53 Rev. 4 CM-7 Least Functionality NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-53_R4 CM-7(2) NIST_SP_800-53_R4_CM-7(2) NIST SP 800-53 Rev. 4 CM-7 (2) Prevent Program Execution NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-53_R4 CM-7(2) NIST_SP_800-53_R4_CM-7(2) NIST SP 800-53 Rev. 4 CM-7 (2) Prevent Program Execution NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-53_R4 CM-7(5) NIST_SP_800-53_R4_CM-7(5) NIST SP 800-53 Rev. 4 CM-7 (5) Authorized Software / Whitelisting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-53_R4 CM-7(5) NIST_SP_800-53_R4_CM-7(5) NIST SP 800-53 Rev. 4 CM-7 (5) Authorized Software / Whitelisting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance NIST_SP_800-53_R4 CM-8 NIST_SP_800-53_R4_CM-8 NIST SP 800-53 Rev. 4 CM-8 Information System Component Inventory NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-53_R4 CM-8 NIST_SP_800-53_R4_CM-8 NIST SP 800-53 Rev. 4 CM-8 Information System Component Inventory NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance NIST_SP_800-53_R4 CM-8(1) NIST_SP_800-53_R4_CM-8(1) NIST SP 800-53 Rev. 4 CM-8 (1) Updates During Installations / Removals NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-53_R4 CM-8(1) NIST_SP_800-53_R4_CM-8(1) NIST SP 800-53 Rev. 4 CM-8 (1) Updates During Installations / Removals NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance NIST_SP_800-53_R4 CM-8(3) NIST_SP_800-53_R4_CM-8(3) NIST SP 800-53 Rev. 4 CM-8 (3) Automated Unauthorized Component Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance NIST_SP_800-53_R4 CM-8(3) NIST_SP_800-53_R4_CM-8(3) NIST SP 800-53 Rev. 4 CM-8 (3) Automated Unauthorized Component Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-53_R4 CM-8(4) NIST_SP_800-53_R4_CM-8(4) NIST SP 800-53 Rev. 4 CM-8 (4) Accountability Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance NIST_SP_800-53_R4 CM-8(4) NIST_SP_800-53_R4_CM-8(4) NIST SP 800-53 Rev. 4 CM-8 (4) Accountability Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance NIST_SP_800-53_R4 CM-9 NIST_SP_800-53_R4_CM-9 NIST SP 800-53 Rev. 4 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance NIST_SP_800-53_R4 CM-9 NIST_SP_800-53_R4_CM-9 NIST SP 800-53 Rev. 4 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance NIST_SP_800-53_R4 CM-9 NIST_SP_800-53_R4_CM-9 NIST SP 800-53 Rev. 4 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-53_R4 CM-9 NIST_SP_800-53_R4_CM-9 NIST SP 800-53 Rev. 4 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-53_R4 CM-9 NIST_SP_800-53_R4_CM-9 NIST SP 800-53 Rev. 4 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-53_R4 CM-9 NIST_SP_800-53_R4_CM-9 NIST SP 800-53 Rev. 4 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance NIST_SP_800-53_R4 CP-1 NIST_SP_800-53_R4_CP-1 NIST SP 800-53 Rev. 4 CP-1 Contingency Planning Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance NIST_SP_800-53_R4 CP-10 NIST_SP_800-53_R4_CP-10 NIST SP 800-53 Rev. 4 CP-10 Information System Recovery And Reconstitution NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance NIST_SP_800-53_R4 CP-10(2) NIST_SP_800-53_R4_CP-10(2) NIST SP 800-53 Rev. 4 CP-10 (2) Transaction Recovery NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f801d58e-5659-9a4a-6e8d-02c9334732e5 Restore resources to operational state Regulatory Compliance NIST_SP_800-53_R4 CP-10(4) NIST_SP_800-53_R4_CP-10(4) NIST SP 800-53 Rev. 4 CP-10 (4) Restore Within Time Period NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R4 CP-2 NIST_SP_800-53_R4_CP-2 NIST SP 800-53 Rev. 4 CP-2 Contingency Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R4 CP-2(1) NIST_SP_800-53_R4_CP-2(1) NIST SP 800-53 Rev. 4 CP-2 (1) Coordinate With Related Plans NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance NIST_SP_800-53_R4 CP-2(2) NIST_SP_800-53_R4_CP-2(2) NIST SP 800-53 Rev. 4 CP-2 (2) Capacity Planning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance NIST_SP_800-53_R4 CP-2(3) NIST_SP_800-53_R4_CP-2(3) NIST SP 800-53 Rev. 4 CP-2 (3) Resume Essential Missions / Business Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance NIST_SP_800-53_R4 CP-2(4) NIST_SP_800-53_R4_CP-2(4) NIST SP 800-53 Rev. 4 CP-2 (4) Resume All Missions / Business Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance NIST_SP_800-53_R4 CP-2(5) NIST_SP_800-53_R4_CP-2(5) NIST SP 800-53 Rev. 4 CP-2 (5) Continue Essential Missions / Business Functions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance NIST_SP_800-53_R4 CP-2(8) NIST_SP_800-53_R4_CP-2(8) NIST SP 800-53 Rev. 4 CP-2 (8) Identify Critical Assets NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance NIST_SP_800-53_R4 CP-3 NIST_SP_800-53_R4_CP-3 NIST SP 800-53 Rev. 4 CP-3 Contingency Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance NIST_SP_800-53_R4 CP-3(1) NIST_SP_800-53_R4_CP-3(1) NIST SP 800-53 Rev. 4 CP-3 (1) Simulated Events NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance NIST_SP_800-53_R4 CP-4 NIST_SP_800-53_R4_CP-4 NIST SP 800-53 Rev. 4 CP-4 Contingency Plan Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance NIST_SP_800-53_R4 CP-4 NIST_SP_800-53_R4_CP-4 NIST SP 800-53 Rev. 4 CP-4 Contingency Plan Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance NIST_SP_800-53_R4 CP-4 NIST_SP_800-53_R4_CP-4 NIST SP 800-53 Rev. 4 CP-4 Contingency Plan Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R4 CP-4(1) NIST_SP_800-53_R4_CP-4(1) NIST SP 800-53 Rev. 4 CP-4 (1) Coordinate With Related Plans NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
60442979-6333-85f0-84c5-b887bac67448 Evaluate alternate processing site capabilities Regulatory Compliance NIST_SP_800-53_R4 CP-4(2) NIST_SP_800-53_R4_CP-4(2) NIST SP 800-53 Rev. 4 CP-4 (2) Alternate Processing Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance NIST_SP_800-53_R4 CP-4(2) NIST_SP_800-53_R4_CP-4(2) NIST SP 800-53 Rev. 4 CP-4 (2) Alternate Processing Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance NIST_SP_800-53_R4 CP-6 NIST_SP_800-53_R4_CP-6 NIST SP 800-53 Rev. 4 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance NIST_SP_800-53_R4 CP-6(1) NIST_SP_800-53_R4_CP-6(1) NIST SP 800-53 Rev. 4 CP-6 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-53_R4 CP-6(1) NIST_SP_800-53_R4_CP-6(1) NIST SP 800-53 Rev. 4 CP-6 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage NIST_SP_800-53_R4 CP-6(1) NIST_SP_800-53_R4_CP-6(1) NIST SP 800-53 Rev. 4 CP-6 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R4 CP-6(1) NIST_SP_800-53_R4_CP-6(1) NIST SP 800-53 Rev. 4 CP-6 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R4 CP-6(1) NIST_SP_800-53_R4_CP-6(1) NIST SP 800-53 Rev. 4 CP-6 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R4 CP-6(1) NIST_SP_800-53_R4_CP-6(1) NIST SP 800-53 Rev. 4 CP-6 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations Regulatory Compliance NIST_SP_800-53_R4 CP-6(2) NIST_SP_800-53_R4_CP-6(2) NIST SP 800-53 Rev. 4 CP-6 (2) Recovery Time / Point Objectives NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance NIST_SP_800-53_R4 CP-6(3) NIST_SP_800-53_R4_CP-6(3) NIST SP 800-53 Rev. 4 CP-6 (3) Accessibility NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R4 CP-7 NIST_SP_800-53_R4_CP-7 NIST SP 800-53 Rev. 4 CP-7 Alternate Processing Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_SP_800-53_R4 CP-7 NIST_SP_800-53_R4_CP-7 NIST SP 800-53 Rev. 4 CP-7 Alternate Processing Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R4 CP-7(1) NIST_SP_800-53_R4_CP-7(1) NIST SP 800-53 Rev. 4 CP-7 (1) Separation From Primary Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R4 CP-7(2) NIST_SP_800-53_R4_CP-7(2) NIST SP 800-53 Rev. 4 CP-7 (2) Accessibility NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R4 CP-7(3) NIST_SP_800-53_R4_CP-7(3) NIST SP 800-53 Rev. 4 CP-7 (3) Priority Of Service NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance NIST_SP_800-53_R4 CP-7(3) NIST_SP_800-53_R4_CP-7(3) NIST SP 800-53 Rev. 4 CP-7 (3) Priority Of Service NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0f31d98d-5ce2-705b-4aa5-b4f6705110dd Prepare alternate processing site for use as operational site Regulatory Compliance NIST_SP_800-53_R4 CP-7(4) NIST_SP_800-53_R4_CP-7(4) NIST SP 800-53 Rev. 4 CP-7 (4) Preparation For Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance NIST_SP_800-53_R4 CP-8(1) NIST_SP_800-53_R4_CP-8(1) NIST SP 800-53 Rev. 4 CP-8 (1) Priority Of Service Provisions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R4 CP-9 NIST_SP_800-53_R4_CP-9 NIST SP 800-53 Rev. 4 CP-9 Information System Backup NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance NIST_SP_800-53_R4 CP-9(3) NIST_SP_800-53_R4_CP-9(3) NIST SP 800-53 Rev. 4 CP-9 (3) Separate Storage For Critical Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance NIST_SP_800-53_R4 CP-9(5) NIST_SP_800-53_R4_CP-9(5) NIST SP 800-53 Rev. 4 CP-9 (5) Transfer To Alternate Storage Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance NIST_SP_800-53_R4 IA-1 NIST_SP_800-53_R4_IA-1 NIST SP 800-53 Rev. 4 IA-1 Identification And Authentication Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R4 IA-2 NIST_SP_800-53_R4_IA-2 NIST SP 800-53 Rev. 4 IA-2 Identification And Authentication (Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R4 IA-2(1) NIST_SP_800-53_R4_IA-2(1) NIST SP 800-53 Rev. 4 IA-2 (1) Network Access To Privileged Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R4 IA-2(1) NIST_SP_800-53_R4_IA-2(1) NIST SP 800-53 Rev. 4 IA-2 (1) Network Access To Privileged Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-53_R4 IA-2(1) NIST_SP_800-53_R4_IA-2(1) NIST SP 800-53 Rev. 4 IA-2 (1) Network Access To Privileged Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-53_R4 IA-2(11) NIST_SP_800-53_R4_IA-2(11) NIST SP 800-53 Rev. 4 IA-2 (11) Remote Access - Separate Device NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance NIST_SP_800-53_R4 IA-2(11) NIST_SP_800-53_R4_IA-2(11) NIST SP 800-53 Rev. 4 IA-2 (11) Remote Access - Separate Device NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance NIST_SP_800-53_R4 IA-2(12) NIST_SP_800-53_R4_IA-2(12) NIST SP 800-53 Rev. 4 IA-2 (12) Acceptance Of Piv Credentials NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-53_R4 IA-2(2) NIST_SP_800-53_R4_IA-2(2) NIST SP 800-53 Rev. 4 IA-2 (2) Network Access To Non-Privileged Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R4 IA-2(2) NIST_SP_800-53_R4_IA-2(2) NIST SP 800-53 Rev. 4 IA-2 (2) Network Access To Non-Privileged Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-53_R4 IA-2(3) NIST_SP_800-53_R4_IA-2(3) NIST SP 800-53 Rev. 4 IA-2 (3) Local Access To Privileged Accounts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-2(5) NIST_SP_800-53_R4_IA-2(5) NIST SP 800-53 Rev. 4 IA-2 (5) Group Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R4 IA-4 NIST_SP_800-53_R4_IA-4 NIST SP 800-53 Rev. 4 IA-4 Identifier Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users Regulatory Compliance NIST_SP_800-53_R4 IA-4(4) NIST_SP_800-53_R4_IA-4(4) NIST SP 800-53 Rev. 4 IA-4 (4) Identify User Status NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R4 IA-5 NIST_SP_800-53_R4_IA-5 NIST SP 800-53 Rev. 4 IA-5 Authenticator Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance NIST_SP_800-53_R4 IA-5(1) NIST_SP_800-53_R4_IA-5(1) NIST SP 800-53 Rev. 4 IA-5 (1) Password-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance NIST_SP_800-53_R4 IA-5(11) NIST_SP_800-53_R4_IA-5(11) NIST SP 800-53 Rev. 4 IA-5 (11) Hardware Token-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c7e8ddc1-14aa-1814-7fe1-aad1742b27da Enforce expiration of cached authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5(13) NIST_SP_800-53_R4_IA-5(13) NIST SP 800-53 Rev. 4 IA-5 (13) Expiration Of Cached Authenticators NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4012c2b7-4e0e-a7ab-1688-4aab43f14420 Map authenticated identities to individuals Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6f311b49-9b0d-8c67-3d6e-db80ae528173 Bind authenticators and identities dynamically Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0065241c-72e9-3b2c-556f-75de66332a94 Establish parameters for searching secret authenticators and verifiers Regulatory Compliance NIST_SP_800-53_R4 IA-5(2) NIST_SP_800-53_R4_IA-5(2) NIST SP 800-53 Rev. 4 IA-5 (2) Pki-Based Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5(3) NIST_SP_800-53_R4_IA-5(3) NIST SP 800-53 Rev. 4 IA-5 (3) In-Person Or Trusted Third-Party Registration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 IA-5(4) NIST_SP_800-53_R4_IA-5(4) NIST SP 800-53 Rev. 4 IA-5 (4) Automated Support For Password Strength Determination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance NIST_SP_800-53_R4 IA-5(4) NIST_SP_800-53_R4_IA-5(4) NIST SP 800-53 Rev. 4 IA-5 (4) Automated Support For Password Strength Determination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance NIST_SP_800-53_R4 IA-5(4) NIST_SP_800-53_R4_IA-5(4) NIST SP 800-53 Rev. 4 IA-5 (4) Automated Support For Password Strength Determination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5(6) NIST_SP_800-53_R4_IA-5(6) NIST SP 800-53 Rev. 4 IA-5 (6) Protection Of Authenticators NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance NIST_SP_800-53_R4 IA-5(7) NIST_SP_800-53_R4_IA-5(7) NIST SP 800-53 Rev. 4 IA-5 (7) No Embedded Unencrypted Static Authenticators NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance NIST_SP_800-53_R4 IA-6 NIST_SP_800-53_R4_IA-6 NIST SP 800-53 Rev. 4 IA-6 Authenticator Feedback NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance NIST_SP_800-53_R4 IA-7 NIST_SP_800-53_R4_IA-7 NIST SP 800-53 Rev. 4 IA-7 Cryptographic Module Authentication NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance NIST_SP_800-53_R4 IA-8 NIST_SP_800-53_R4_IA-8 NIST SP 800-53 Rev. 4 IA-8 Identification And Authentication (Non-Organizational Users) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55be3260-a7a2-3c06-7fe6-072d07525ab7 Accept PIV credentials Regulatory Compliance NIST_SP_800-53_R4 IA-8(1) NIST_SP_800-53_R4_IA-8(1) NIST SP 800-53 Rev. 4 IA-8 (1) Acceptance Of Piv Credentials From Other Agencies NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials Regulatory Compliance NIST_SP_800-53_R4 IA-8(2) NIST_SP_800-53_R4_IA-8(2) NIST SP 800-53 Rev. 4 IA-8 (2) Acceptance Of Third-Party Credentials NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
db8b35d6-8adb-3f51-44ff-c648ab5b1530 Employ FICAM-approved resources to accept third-party credentials Regulatory Compliance NIST_SP_800-53_R4 IA-8(3) NIST_SP_800-53_R4_IA-8(3) NIST SP 800-53 Rev. 4 IA-8 (3) Use Of Ficam-Approved Products NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles Regulatory Compliance NIST_SP_800-53_R4 IA-8(4) NIST_SP_800-53_R4_IA-8(4) NIST SP 800-53 Rev. 4 IA-8 (4) Use Of Ficam-Issued Profiles NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance NIST_SP_800-53_R4 IR-1 NIST_SP_800-53_R4_IR-1 NIST SP 800-53 Rev. 4 IR-1 Incident Response Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance NIST_SP_800-53_R4 IR-2 NIST_SP_800-53_R4_IR-2 NIST SP 800-53 Rev. 4 IR-2 Incident Response Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance NIST_SP_800-53_R4 IR-2(1) NIST_SP_800-53_R4_IR-2(1) NIST SP 800-53 Rev. 4 IR-2 (1) Simulated Events NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance NIST_SP_800-53_R4 IR-2(2) NIST_SP_800-53_R4_IR-2(2) NIST SP 800-53 Rev. 4 IR-2 (2) Automated Training Environments NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-53_R4 IR-3 NIST_SP_800-53_R4_IR-3 NIST SP 800-53 Rev. 4 IR-3 Incident Response Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance NIST_SP_800-53_R4 IR-3 NIST_SP_800-53_R4_IR-3 NIST SP 800-53 Rev. 4 IR-3 Incident Response Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance NIST_SP_800-53_R4 IR-3 NIST_SP_800-53_R4_IR-3 NIST SP 800-53 Rev. 4 IR-3 Incident Response Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-53_R4 IR-3(2) NIST_SP_800-53_R4_IR-3(2) NIST SP 800-53 Rev. 4 IR-3 (2) Coordination With Related Plans NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance NIST_SP_800-53_R4 IR-3(2) NIST_SP_800-53_R4_IR-3(2) NIST SP 800-53 Rev. 4 IR-3 (2) Coordination With Related Plans NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance NIST_SP_800-53_R4 IR-3(2) NIST_SP_800-53_R4_IR-3(2) NIST SP 800-53 Rev. 4 IR-3 (2) Coordination With Related Plans NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 IR-4 NIST_SP_800-53_R4_IR-4 NIST SP 800-53 Rev. 4 IR-4 Incident Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R4 IR-4(1) NIST_SP_800-53_R4_IR-4(1) NIST SP 800-53 Rev. 4 IR-4 (1) Automated Incident Handling Processes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-53_R4 IR-4(1) NIST_SP_800-53_R4_IR-4(1) NIST SP 800-53 Rev. 4 IR-4 (1) Automated Incident Handling Processes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-4(1) NIST_SP_800-53_R4_IR-4(1) NIST SP 800-53 Rev. 4 IR-4 (1) Automated Incident Handling Processes NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1e0d5ba8-a433-01aa-829c-86b06c9631ec Include dynamic reconfig of customer deployed resources Regulatory Compliance NIST_SP_800-53_R4 IR-4(2) NIST_SP_800-53_R4_IR-4(2) NIST SP 800-53 Rev. 4 IR-4 (2) Dynamic Reconfiguration NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance NIST_SP_800-53_R4 IR-4(3) NIST_SP_800-53_R4_IR-4(3) NIST SP 800-53 Rev. 4 IR-4 (3) Continuity Of Operations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R4 IR-4(4) NIST_SP_800-53_R4_IR-4(4) NIST SP 800-53 Rev. 4 IR-4 (4) Information Correlation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance NIST_SP_800-53_R4 IR-4(6) NIST_SP_800-53_R4_IR-4(6) NIST SP 800-53 Rev. 4 IR-4 (6) Insider Threats - Specific Capabilities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective Regulatory Compliance NIST_SP_800-53_R4 IR-4(8) NIST_SP_800-53_R4_IR-4(8) NIST SP 800-53 Rev. 4 IR-4 (8) Correlation With External Organizations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 IR-5 NIST_SP_800-53_R4_IR-5 NIST SP 800-53 Rev. 4 IR-5 Incident Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-53_R4 IR-6(1) NIST_SP_800-53_R4_IR-6(1) NIST SP 800-53 Rev. 4 IR-6 (1) Automated Reporting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R4 IR-6(2) NIST_SP_800-53_R4_IR-6(2) NIST SP 800-53 Rev. 4 IR-6 (2) Vulnerabilities Related to Incidents NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 IR-6(2) NIST_SP_800-53_R4_IR-6(2) NIST SP 800-53 Rev. 4 IR-6 (2) Vulnerabilities Related to Incidents NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 IR-6(2) NIST_SP_800-53_R4_IR-6(2) NIST SP 800-53 Rev. 4 IR-6 (2) Vulnerabilities Related to Incidents NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-53_R4 IR-7 NIST_SP_800-53_R4_IR-7 NIST SP 800-53 Rev. 4 IR-7 Incident Response Assistance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 IR-7(1) NIST_SP_800-53_R4_IR-7(1) NIST SP 800-53 Rev. 4 IR-7 (1) Automation Support For Availability Of Information / Support NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance NIST_SP_800-53_R4 IR-7(2) NIST_SP_800-53_R4_IR-7(2) NIST SP 800-53 Rev. 4 IR-7 (2) Coordination With External Providers NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance NIST_SP_800-53_R4 IR-7(2) NIST_SP_800-53_R4_IR-7(2) NIST SP 800-53 Rev. 4 IR-7 (2) Coordination With External Providers NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance NIST_SP_800-53_R4 IR-8 NIST_SP_800-53_R4_IR-8 NIST SP 800-53 Rev. 4 IR-8 Incident Response Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R4 IR-8 NIST_SP_800-53_R4_IR-8 NIST SP 800-53 Rev. 4 IR-8 Incident Response Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance NIST_SP_800-53_R4 IR-8 NIST_SP_800-53_R4_IR-8 NIST SP 800-53 Rev. 4 IR-8 Incident Response Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-8 NIST_SP_800-53_R4_IR-8 NIST SP 800-53 Rev. 4 IR-8 Incident Response Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-8 NIST_SP_800-53_R4_IR-8 NIST SP 800-53 Rev. 4 IR-8 Incident Response Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-8 NIST_SP_800-53_R4_IR-8 NIST SP 800-53 Rev. 4 IR-8 Incident Response Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
279052a0-8238-694d-9661-bf649f951747 Identify contaminated systems and components Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
69d90ee6-9f9f-262a-2038-d909fb4e5723 Identify spilled information Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22457e81-3ec6-5271-a786-c3ca284601dd Isolate information spills Regulatory Compliance NIST_SP_800-53_R4 IR-9 NIST_SP_800-53_R4_IR-9 NIST SP 800-53 Rev. 4 IR-9 Information Spillage Response NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance NIST_SP_800-53_R4 IR-9(1) NIST_SP_800-53_R4_IR-9(1) NIST SP 800-53 Rev. 4 IR-9 (1) Responsible Personnel NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance NIST_SP_800-53_R4 IR-9(2) NIST_SP_800-53_R4_IR-9(2) NIST SP 800-53 Rev. 4 IR-9 (2) Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bb048641-6017-7272-7772-a008f285a520 Develop spillage response procedures Regulatory Compliance NIST_SP_800-53_R4 IR-9(3) NIST_SP_800-53_R4_IR-9(3) NIST SP 800-53 Rev. 4 IR-9 (3) Post-Spill Operations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance NIST_SP_800-53_R4 IR-9(4) NIST_SP_800-53_R4_IR-9(4) NIST SP 800-53 Rev. 4 IR-9 (4) Exposure To Unauthorized Personnel NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance NIST_SP_800-53_R4 MA-1 NIST_SP_800-53_R4_MA-1 NIST SP 800-53 Rev. 4 MA-1 System Maintenance Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R4 MA-2 NIST_SP_800-53_R4_MA-2 NIST SP 800-53 Rev. 4 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MA-2 NIST_SP_800-53_R4_MA-2 NIST SP 800-53 Rev. 4 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MA-2 NIST_SP_800-53_R4_MA-2 NIST SP 800-53 Rev. 4 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-2 NIST_SP_800-53_R4_MA-2 NIST SP 800-53 Rev. 4 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance NIST_SP_800-53_R4 MA-2(2) NIST_SP_800-53_R4_MA-2(2) NIST SP 800-53 Rev. 4 MA-2 (2) Automated Maintenance Activities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance NIST_SP_800-53_R4 MA-2(2) NIST_SP_800-53_R4_MA-2(2) NIST SP 800-53 Rev. 4 MA-2 (2) Automated Maintenance Activities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R4 MA-3 NIST_SP_800-53_R4_MA-3 NIST SP 800-53 Rev. 4 MA-3 Maintenance Tools NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-3 NIST_SP_800-53_R4_MA-3 NIST SP 800-53 Rev. 4 MA-3 Maintenance Tools NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-3(1) NIST_SP_800-53_R4_MA-3(1) NIST SP 800-53 Rev. 4 MA-3 (1) Inspect Tools NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R4 MA-3(1) NIST_SP_800-53_R4_MA-3(1) NIST SP 800-53 Rev. 4 MA-3 (1) Inspect Tools NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R4 MA-3(2) NIST_SP_800-53_R4_MA-3(2) NIST SP 800-53 Rev. 4 MA-3 (2) Inspect Media NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-3(2) NIST_SP_800-53_R4_MA-3(2) NIST SP 800-53 Rev. 4 MA-3 (2) Inspect Media NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MA-3(3) NIST_SP_800-53_R4_MA-3(3) NIST SP 800-53 Rev. 4 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-3(3) NIST_SP_800-53_R4_MA-3(3) NIST SP 800-53 Rev. 4 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MA-3(3) NIST_SP_800-53_R4_MA-3(3) NIST SP 800-53 Rev. 4 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R4 MA-3(3) NIST_SP_800-53_R4_MA-3(3) NIST SP 800-53 Rev. 4 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-4 NIST_SP_800-53_R4_MA-4 NIST SP 800-53 Rev. 4 MA-4 Nonlocal Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R4 MA-4(2) NIST_SP_800-53_R4_MA-4(2) NIST SP 800-53 Rev. 4 MA-4 (2) Document Nonlocal Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5bac5fb7-7735-357b-767d-02264bfe5c3b Perform all non-local maintenance Regulatory Compliance NIST_SP_800-53_R4 MA-4(3) NIST_SP_800-53_R4_MA-4(3) NIST SP 800-53 Rev. 4 MA-4 (3) Comparable Security / Sanitization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms Regulatory Compliance NIST_SP_800-53_R4 MA-4(6) NIST_SP_800-53_R4_MA-4(6) NIST SP 800-53 Rev. 4 MA-4 (6) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance NIST_SP_800-53_R4 MA-5 NIST_SP_800-53_R4_MA-5 NIST SP 800-53 Rev. 4 MA-5 Maintenance Personnel NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance NIST_SP_800-53_R4 MA-5 NIST_SP_800-53_R4_MA-5 NIST SP 800-53 Rev. 4 MA-5 Maintenance Personnel NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance NIST_SP_800-53_R4 MA-5 NIST_SP_800-53_R4_MA-5 NIST SP 800-53 Rev. 4 MA-5 Maintenance Personnel NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MA-5(1) NIST_SP_800-53_R4_MA-5(1) NIST SP 800-53 Rev. 4 MA-5 (1) Individuals Without Appropriate Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MA-5(1) NIST_SP_800-53_R4_MA-5(1) NIST SP 800-53 Rev. 4 MA-5 (1) Individuals Without Appropriate Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance NIST_SP_800-53_R4 MA-6 NIST_SP_800-53_R4_MA-6 NIST SP 800-53 Rev. 4 MA-6 Timely Maintenance NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance NIST_SP_800-53_R4 MP-1 NIST_SP_800-53_R4_MP-1 NIST SP 800-53 Rev. 4 MP-1 Media Protection Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-2 NIST_SP_800-53_R4_MP-2 NIST SP 800-53 Rev. 4 MP-2 Media Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-3 NIST_SP_800-53_R4_MP-3 NIST SP 800-53 Rev. 4 MP-3 Media Marking NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MP-4 NIST_SP_800-53_R4_MP-4 NIST SP 800-53 Rev. 4 MP-4 Media Storage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-4 NIST_SP_800-53_R4_MP-4 NIST SP 800-53 Rev. 4 MP-4 Media Storage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-53_R4 MP-5 NIST_SP_800-53_R4_MP-5 NIST SP 800-53 Rev. 4 MP-5 Media Transport NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-5 NIST_SP_800-53_R4_MP-5 NIST SP 800-53 Rev. 4 MP-5 Media Transport NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-53_R4 MP-5(4) NIST_SP_800-53_R4_MP-5(4) NIST SP 800-53 Rev. 4 MP-5 (4) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-5(4) NIST_SP_800-53_R4_MP-5(4) NIST SP 800-53 Rev. 4 MP-5 (4) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-6 NIST_SP_800-53_R4_MP-6 NIST SP 800-53 Rev. 4 MP-6 Media Sanitization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MP-6 NIST_SP_800-53_R4_MP-6 NIST SP 800-53 Rev. 4 MP-6 Media Sanitization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-6(1) NIST_SP_800-53_R4_MP-6(1) NIST SP 800-53 Rev. 4 MP-6 (1) Review / Approve / Track / Document / Verify NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MP-6(1) NIST_SP_800-53_R4_MP-6(1) NIST SP 800-53 Rev. 4 MP-6 (1) Review / Approve / Track / Document / Verify NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R4 MP-6(2) NIST_SP_800-53_R4_MP-6(2) NIST SP 800-53 Rev. 4 MP-6 (2) Equipment Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-6(2) NIST_SP_800-53_R4_MP-6(2) NIST SP 800-53 Rev. 4 MP-6 (2) Equipment Testing NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance NIST_SP_800-53_R4 MP-7 NIST_SP_800-53_R4_MP-7 NIST SP 800-53 Rev. 4 MP-7 Media Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 MP-7 NIST_SP_800-53_R4_MP-7 NIST SP 800-53 Rev. 4 MP-7 Media Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-53_R4 MP-7 NIST_SP_800-53_R4_MP-7 NIST SP 800-53 Rev. 4 MP-7 Media Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-7 NIST_SP_800-53_R4_MP-7 NIST SP 800-53 Rev. 4 MP-7 Media Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance NIST_SP_800-53_R4 MP-7(1) NIST_SP_800-53_R4_MP-7(1) NIST SP 800-53 Rev. 4 MP-7 (1) Prohibit Use Without Owner NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 MP-7(1) NIST_SP_800-53_R4_MP-7(1) NIST SP 800-53 Rev. 4 MP-7 (1) Prohibit Use Without Owner NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-53_R4 MP-7(1) NIST_SP_800-53_R4_MP-7(1) NIST SP 800-53 Rev. 4 MP-7 (1) Prohibit Use Without Owner NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 MP-7(1) NIST_SP_800-53_R4_MP-7(1) NIST SP 800-53 Rev. 4 MP-7 (1) Prohibit Use Without Owner NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PE-1 NIST_SP_800-53_R4_PE-1 NIST SP 800-53 Rev. 4 PE-1 Physical And Environmental Protection Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance NIST_SP_800-53_R4 PE-12 NIST_SP_800-53_R4_PE-12 NIST SP 800-53 Rev. 4 PE-12 Emergency Lighting NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-13 NIST_SP_800-53_R4_PE-13 NIST SP 800-53 Rev. 4 PE-13 Fire Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-53_R4 PE-13(1) NIST_SP_800-53_R4_PE-13(1) NIST SP 800-53 Rev. 4 PE-13 (1) Detection Devices / Systems NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-13(1) NIST_SP_800-53_R4_PE-13(1) NIST SP 800-53 Rev. 4 PE-13 (1) Detection Devices / Systems NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance NIST_SP_800-53_R4 PE-13(1) NIST_SP_800-53_R4_PE-13(1) NIST SP 800-53 Rev. 4 PE-13 (1) Detection Devices / Systems NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-13(2) NIST_SP_800-53_R4_PE-13(2) NIST SP 800-53 Rev. 4 PE-13 (2) Suppression Devices / Systems NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-13(3) NIST_SP_800-53_R4_PE-13(3) NIST SP 800-53 Rev. 4 PE-13 (3) Automatic Fire Suppression NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-14 NIST_SP_800-53_R4_PE-14 NIST SP 800-53 Rev. 4 PE-14 Temperature And Humidity Controls NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance NIST_SP_800-53_R4 PE-14(2) NIST_SP_800-53_R4_PE-14(2) NIST SP 800-53 Rev. 4 PE-14 (2) Monitoring With Alarms / Notifications NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-14(2) NIST_SP_800-53_R4_PE-14(2) NIST SP 800-53 Rev. 4 PE-14 (2) Monitoring With Alarms / Notifications NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-15 NIST_SP_800-53_R4_PE-15 NIST SP 800-53 Rev. 4 PE-15 Water Damage Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance NIST_SP_800-53_R4 PE-16 NIST_SP_800-53_R4_PE-16 NIST SP 800-53 Rev. 4 PE-16 Delivery And Removal NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-53_R4 PE-16 NIST_SP_800-53_R4_PE-16 NIST SP 800-53 Rev. 4 PE-16 Delivery And Removal NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-53_R4 PE-17 NIST_SP_800-53_R4_PE-17 NIST SP 800-53 Rev. 4 PE-17 Alternate Work Site NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-18 NIST_SP_800-53_R4_PE-18 NIST SP 800-53 Rev. 4 PE-18 Location Of Information System Components NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R4 PE-2 NIST_SP_800-53_R4_PE-2 NIST SP 800-53 Rev. 4 PE-2 Physical Access Authorizations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R4 PE-3 NIST_SP_800-53_R4_PE-3 NIST SP 800-53 Rev. 4 PE-3 Physical Access Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-3 NIST_SP_800-53_R4_PE-3 NIST SP 800-53 Rev. 4 PE-3 Physical Access Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance NIST_SP_800-53_R4 PE-3 NIST_SP_800-53_R4_PE-3 NIST SP 800-53 Rev. 4 PE-3 Physical Access Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance NIST_SP_800-53_R4 PE-3 NIST_SP_800-53_R4_PE-3 NIST SP 800-53 Rev. 4 PE-3 Physical Access Control NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R4 PE-4 NIST_SP_800-53_R4_PE-4 NIST SP 800-53 Rev. 4 PE-4 Access Control For Transmission Medium NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-4 NIST_SP_800-53_R4_PE-4 NIST SP 800-53 Rev. 4 PE-4 Access Control For Transmission Medium NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R4 PE-5 NIST_SP_800-53_R4_PE-5 NIST SP 800-53 Rev. 4 PE-5 Access Control For Output Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-5 NIST_SP_800-53_R4_PE-5 NIST SP 800-53 Rev. 4 PE-5 Access Control For Output Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance NIST_SP_800-53_R4 PE-5 NIST_SP_800-53_R4_PE-5 NIST SP 800-53 Rev. 4 PE-5 Access Control For Output Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance NIST_SP_800-53_R4 PE-6(1) NIST_SP_800-53_R4_PE-6(1) NIST SP 800-53 Rev. 4 PE-6 (1) Intrusion Alarms / Surveillance Equipment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance NIST_SP_800-53_R4 PE-6(1) NIST_SP_800-53_R4_PE-6(1) NIST SP 800-53 Rev. 4 PE-6 (1) Intrusion Alarms / Surveillance Equipment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R4 PE-8 NIST_SP_800-53_R4_PE-8 NIST SP 800-53 Rev. 4 PE-8 Visitor Access Records NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R4 PE-8 NIST_SP_800-53_R4_PE-8 NIST SP 800-53 Rev. 4 PE-8 Visitor Access Records NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PL-1 NIST_SP_800-53_R4_PL-1 NIST SP 800-53 Rev. 4 PL-1 Security Planning Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance NIST_SP_800-53_R4 PL-2 NIST_SP_800-53_R4_PL-2 NIST SP 800-53 Rev. 4 PL-2 System Security Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance NIST_SP_800-53_R4 PL-2 NIST_SP_800-53_R4_PL-2 NIST SP 800-53 Rev. 4 PL-2 System Security Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PL-2 NIST_SP_800-53_R4_PL-2 NIST SP 800-53 Rev. 4 PL-2 System Security Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance NIST_SP_800-53_R4 PL-2 NIST_SP_800-53_R4_PL-2 NIST SP 800-53 Rev. 4 PL-2 System Security Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance NIST_SP_800-53_R4 PL-2 NIST_SP_800-53_R4_PL-2 NIST SP 800-53 Rev. 4 PL-2 System Security Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance NIST_SP_800-53_R4 PL-2 NIST_SP_800-53_R4_PL-2 NIST SP 800-53 Rev. 4 PL-2 System Security Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance NIST_SP_800-53_R4 PL-2(3) NIST_SP_800-53_R4_PL-2(3) NIST SP 800-53 Rev. 4 PL-2 (3) Plan / Coordinate With Other Organizational Entities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance NIST_SP_800-53_R4 PL-2(3) NIST_SP_800-53_R4_PL-2(3) NIST SP 800-53 Rev. 4 PL-2 (3) Plan / Coordinate With Other Organizational Entities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance NIST_SP_800-53_R4 PL-2(3) NIST_SP_800-53_R4_PL-2(3) NIST SP 800-53 Rev. 4 PL-2 (3) Plan / Coordinate With Other Organizational Entities NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance NIST_SP_800-53_R4 PL-4 NIST_SP_800-53_R4_PL-4 NIST SP 800-53 Rev. 4 PL-4 Rules Of Behavior NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PL-4(1) NIST_SP_800-53_R4_PL-4(1) NIST SP 800-53 Rev. 4 PL-4 (1) Social Media And Networking Restrictions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance NIST_SP_800-53_R4 PL-8 NIST_SP_800-53_R4_PL-8 NIST SP 800-53 Rev. 4 PL-8 Information Security Architecture NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance NIST_SP_800-53_R4 PL-8 NIST_SP_800-53_R4_PL-8 NIST SP 800-53 Rev. 4 PL-8 Information Security Architecture NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PS-1 NIST_SP_800-53_R4_PS-1 NIST SP 800-53 Rev. 4 PS-1 Personnel Security Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations Regulatory Compliance NIST_SP_800-53_R4 PS-2 NIST_SP_800-53_R4_PS-2 NIST SP 800-53 Rev. 4 PS-2 Position Risk Designation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance NIST_SP_800-53_R4 PS-3 NIST_SP_800-53_R4_PS-3 NIST SP 800-53 Rev. 4 PS-3 Personnel Screening NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance NIST_SP_800-53_R4 PS-3 NIST_SP_800-53_R4_PS-3 NIST SP 800-53 Rev. 4 PS-3 Personnel Screening NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance NIST_SP_800-53_R4 PS-3 NIST_SP_800-53_R4_PS-3 NIST SP 800-53 Rev. 4 PS-3 Personnel Screening NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance NIST_SP_800-53_R4 PS-3(3) NIST_SP_800-53_R4_PS-3(3) NIST SP 800-53 Rev. 4 PS-3 (3) Information With Special Protection Measures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance NIST_SP_800-53_R4 PS-4 NIST_SP_800-53_R4_PS-4 NIST SP 800-53 Rev. 4 PS-4 Personnel Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance NIST_SP_800-53_R4 PS-4 NIST_SP_800-53_R4_PS-4 NIST SP 800-53 Rev. 4 PS-4 Personnel Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance NIST_SP_800-53_R4 PS-4 NIST_SP_800-53_R4_PS-4 NIST SP 800-53 Rev. 4 PS-4 Personnel Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance NIST_SP_800-53_R4 PS-4 NIST_SP_800-53_R4_PS-4 NIST SP 800-53 Rev. 4 PS-4 Personnel Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance NIST_SP_800-53_R4 PS-4 NIST_SP_800-53_R4_PS-4 NIST SP 800-53 Rev. 4 PS-4 Personnel Termination NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
729c8708-2bec-093c-8427-2e87d2cd426d Automate notification of employee termination Regulatory Compliance NIST_SP_800-53_R4 PS-4(2) NIST_SP_800-53_R4_PS-4(2) NIST SP 800-53 Rev. 4 PS-4 (2) Automated Notification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance NIST_SP_800-53_R4 PS-5 NIST_SP_800-53_R4_PS-5 NIST SP 800-53 Rev. 4 PS-5 Personnel Transfer NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance NIST_SP_800-53_R4 PS-5 NIST_SP_800-53_R4_PS-5 NIST SP 800-53 Rev. 4 PS-5 Personnel Transfer NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance NIST_SP_800-53_R4 PS-5 NIST_SP_800-53_R4_PS-5 NIST SP 800-53 Rev. 4 PS-5 Personnel Transfer NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance NIST_SP_800-53_R4 PS-5 NIST_SP_800-53_R4_PS-5 NIST SP 800-53 Rev. 4 PS-5 Personnel Transfer NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance NIST_SP_800-53_R4 PS-6 NIST_SP_800-53_R4_PS-6 NIST SP 800-53 Rev. 4 PS-6 Access Agreements NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance NIST_SP_800-53_R4 PS-6 NIST_SP_800-53_R4_PS-6 NIST SP 800-53 Rev. 4 PS-6 Access Agreements NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance NIST_SP_800-53_R4 PS-6 NIST_SP_800-53_R4_PS-6 NIST SP 800-53 Rev. 4 PS-6 Access Agreements NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance NIST_SP_800-53_R4 PS-6 NIST_SP_800-53_R4_PS-6 NIST SP 800-53 Rev. 4 PS-6 Access Agreements NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance NIST_SP_800-53_R4 PS-6 NIST_SP_800-53_R4_PS-6 NIST SP 800-53 Rev. 4 PS-6 Access Agreements NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance NIST_SP_800-53_R4 PS-7 NIST_SP_800-53_R4_PS-7 NIST SP 800-53 Rev. 4 PS-7 Third-Party Personnel Security NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance NIST_SP_800-53_R4 PS-7 NIST_SP_800-53_R4_PS-7 NIST SP 800-53 Rev. 4 PS-7 Third-Party Personnel Security NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance NIST_SP_800-53_R4 PS-7 NIST_SP_800-53_R4_PS-7 NIST SP 800-53 Rev. 4 PS-7 Third-Party Personnel Security NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance NIST_SP_800-53_R4 PS-7 NIST_SP_800-53_R4_PS-7 NIST SP 800-53 Rev. 4 PS-7 Third-Party Personnel Security NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance NIST_SP_800-53_R4 PS-7 NIST_SP_800-53_R4_PS-7 NIST SP 800-53 Rev. 4 PS-7 Third-Party Personnel Security NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance NIST_SP_800-53_R4 PS-8 NIST_SP_800-53_R4_PS-8 NIST SP 800-53 Rev. 4 PS-8 Personnel Sanctions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance NIST_SP_800-53_R4 PS-8 NIST_SP_800-53_R4_PS-8 NIST SP 800-53 Rev. 4 PS-8 Personnel Sanctions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance NIST_SP_800-53_R4 RA-1 NIST_SP_800-53_R4_RA-1 NIST SP 800-53 Rev. 4 RA-1 Risk Assessment Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance NIST_SP_800-53_R4 RA-2 NIST_SP_800-53_R4_RA-2 NIST SP 800-53 Rev. 4 RA-2 Security Categorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance NIST_SP_800-53_R4 RA-2 NIST_SP_800-53_R4_RA-2 NIST SP 800-53 Rev. 4 RA-2 Security Categorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance NIST_SP_800-53_R4 RA-2 NIST_SP_800-53_R4_RA-2 NIST SP 800-53 Rev. 4 RA-2 Security Categorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance NIST_SP_800-53_R4 RA-2 NIST_SP_800-53_R4_RA-2 NIST SP 800-53 Rev. 4 RA-2 Security Categorization NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-53_R4 RA-3 NIST_SP_800-53_R4_RA-3 NIST SP 800-53 Rev. 4 RA-3 Risk Assessment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance NIST_SP_800-53_R4 RA-3 NIST_SP_800-53_R4_RA-3 NIST SP 800-53 Rev. 4 RA-3 Risk Assessment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance NIST_SP_800-53_R4 RA-3 NIST_SP_800-53_R4_RA-3 NIST SP 800-53 Rev. 4 RA-3 Risk Assessment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance NIST_SP_800-53_R4 RA-3 NIST_SP_800-53_R4_RA-3 NIST SP 800-53 Rev. 4 RA-3 Risk Assessment NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-53_R4 RA-5 NIST_SP_800-53_R4_RA-5 NIST SP 800-53 Rev. 4 RA-5 Vulnerability Scanning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 RA-5(1) NIST_SP_800-53_R4_RA-5(1) NIST SP 800-53 Rev. 4 RA-5 (1) Update Tool Capability NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 RA-5(1) NIST_SP_800-53_R4_RA-5(1) NIST SP 800-53 Rev. 4 RA-5 (1) Update Tool Capability NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance NIST_SP_800-53_R4 RA-5(10) NIST_SP_800-53_R4_RA-5(10) NIST SP 800-53 Rev. 4 RA-5 (10) Correlate Scanning Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 RA-5(2) NIST_SP_800-53_R4_RA-5(2) NIST SP 800-53 Rev. 4 RA-5 (2) Update By Frequency / Prior To New Scan / When Identified NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 RA-5(2) NIST_SP_800-53_R4_RA-5(2) NIST SP 800-53 Rev. 4 RA-5 (2) Update By Frequency / Prior To New Scan / When Identified NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 RA-5(3) NIST_SP_800-53_R4_RA-5(3) NIST SP 800-53 Rev. 4 RA-5 (3) Breadth / Depth Of Coverage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 RA-5(3) NIST_SP_800-53_R4_RA-5(3) NIST SP 800-53 Rev. 4 RA-5 (3) Breadth / Depth Of Coverage NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d25cbded-121e-0ed6-1857-dc698c9095b1 Take action in response to customer information Regulatory Compliance NIST_SP_800-53_R4 RA-5(4) NIST_SP_800-53_R4_RA-5(4) NIST SP 800-53 Rev. 4 RA-5 (4) Discoverable Information NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance NIST_SP_800-53_R4 RA-5(5) NIST_SP_800-53_R4_RA-5(5) NIST SP 800-53 Rev. 4 RA-5 (5) Privileged Access NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 RA-5(6) NIST_SP_800-53_R4_RA-5(6) NIST SP 800-53 Rev. 4 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 RA-5(6) NIST_SP_800-53_R4_RA-5(6) NIST SP 800-53 Rev. 4 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance NIST_SP_800-53_R4 RA-5(6) NIST_SP_800-53_R4_RA-5(6) NIST SP 800-53 Rev. 4 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance NIST_SP_800-53_R4 RA-5(6) NIST_SP_800-53_R4_RA-5(6) NIST SP 800-53 Rev. 4 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 RA-5(6) NIST_SP_800-53_R4_RA-5(6) NIST SP 800-53 Rev. 4 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-53_R4 RA-5(8) NIST_SP_800-53_R4_RA-5(8) NIST SP 800-53 Rev. 4 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance NIST_SP_800-53_R4 SA-1 NIST_SP_800-53_R4_SA-1 NIST SP 800-53 Rev. 4 SA-1 System And Services Acquisition Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 SA-10 NIST_SP_800-53_R4_SA-10 NIST SP 800-53 Rev. 4 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R4 SA-10(1) NIST_SP_800-53_R4_SA-10(1) NIST SP 800-53 Rev. 4 SA-10 (1) Software / Firmware Integrity Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance NIST_SP_800-53_R4 SA-11 NIST_SP_800-53_R4_SA-11 NIST SP 800-53 Rev. 4 SA-11 Developer Security Testing And Evaluation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 SA-11 NIST_SP_800-53_R4_SA-11 NIST SP 800-53 Rev. 4 SA-11 Developer Security Testing And Evaluation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 SA-11 NIST_SP_800-53_R4_SA-11 NIST SP 800-53 Rev. 4 SA-11 Developer Security Testing And Evaluation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance NIST_SP_800-53_R4 SA-12 NIST_SP_800-53_R4_SA-12 NIST SP 800-53 Rev. 4 SA-12 Supply Chain Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance NIST_SP_800-53_R4 SA-12 NIST_SP_800-53_R4_SA-12 NIST SP 800-53 Rev. 4 SA-12 Supply Chain Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance NIST_SP_800-53_R4 SA-12 NIST_SP_800-53_R4_SA-12 NIST SP 800-53 Rev. 4 SA-12 Supply Chain Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance NIST_SP_800-53_R4 SA-12 NIST_SP_800-53_R4_SA-12 NIST SP 800-53 Rev. 4 SA-12 Supply Chain Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance NIST_SP_800-53_R4 SA-15 NIST_SP_800-53_R4_SA-15 NIST SP 800-53 Rev. 4 SA-15 Development Process, Standards, And Tools NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
676c3c35-3c36-612c-9523-36d266a65000 Require developers to provide training Regulatory Compliance NIST_SP_800-53_R4 SA-16 NIST_SP_800-53_R4_SA-16 NIST SP 800-53 Rev. 4 SA-16 Developer-Provided Training NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance NIST_SP_800-53_R4 SA-17 NIST_SP_800-53_R4_SA-17 NIST SP 800-53 Rev. 4 SA-17 Developer Security Architecture And Design NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance NIST_SP_800-53_R4 SA-17 NIST_SP_800-53_R4_SA-17 NIST SP 800-53 Rev. 4 SA-17 Developer Security Architecture And Design NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance NIST_SP_800-53_R4 SA-17 NIST_SP_800-53_R4_SA-17 NIST SP 800-53 Rev. 4 SA-17 Developer Security Architecture And Design NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance NIST_SP_800-53_R4 SA-2 NIST_SP_800-53_R4_SA-2 NIST SP 800-53 Rev. 4 SA-2 Allocation Of Resources NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance NIST_SP_800-53_R4 SA-2 NIST_SP_800-53_R4_SA-2 NIST SP 800-53 Rev. 4 SA-2 Allocation Of Resources NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance NIST_SP_800-53_R4 SA-2 NIST_SP_800-53_R4_SA-2 NIST SP 800-53 Rev. 4 SA-2 Allocation Of Resources NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance NIST_SP_800-53_R4 SA-2 NIST_SP_800-53_R4_SA-2 NIST SP 800-53 Rev. 4 SA-2 Allocation Of Resources NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance NIST_SP_800-53_R4 SA-2 NIST_SP_800-53_R4_SA-2 NIST SP 800-53 Rev. 4 SA-2 Allocation Of Resources NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance NIST_SP_800-53_R4 SA-2 NIST_SP_800-53_R4_SA-2 NIST SP 800-53 Rev. 4 SA-2 Allocation Of Resources NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance NIST_SP_800-53_R4 SA-3 NIST_SP_800-53_R4_SA-3 NIST SP 800-53 Rev. 4 SA-3 System Development Life Cycle NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance NIST_SP_800-53_R4 SA-3 NIST_SP_800-53_R4_SA-3 NIST SP 800-53 Rev. 4 SA-3 System Development Life Cycle NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance NIST_SP_800-53_R4 SA-3 NIST_SP_800-53_R4_SA-3 NIST SP 800-53 Rev. 4 SA-3 System Development Life Cycle NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance NIST_SP_800-53_R4 SA-4 NIST_SP_800-53_R4_SA-4 NIST SP 800-53 Rev. 4 SA-4 Acquisition Process NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance NIST_SP_800-53_R4 SA-4(1) NIST_SP_800-53_R4_SA-4(1) NIST SP 800-53 Rev. 4 SA-4 (1) Functional Properties Of Security Controls NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b333332-6efd-7c0d-5a9f-d1eb95105214 Employ FIPS 201-approved technology for PIV Regulatory Compliance NIST_SP_800-53_R4 SA-4(10) NIST_SP_800-53_R4_SA-4(10) NIST SP 800-53 Rev. 4 SA-4 (10) Use Of Approved Piv Products NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance NIST_SP_800-53_R4 SA-4(2) NIST_SP_800-53_R4_SA-4(2) NIST SP 800-53 Rev. 4 SA-4 (2) Design / Implementation Information For Security Controls NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca6d7878-3189-1833-4620-6c7254ed1607 Obtain continuous monitoring plan for security controls Regulatory Compliance NIST_SP_800-53_R4 SA-4(8) NIST_SP_800-53_R4_SA-4(8) NIST SP 800-53 Rev. 4 SA-4 (8) Continuous Monitoring Plan NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance NIST_SP_800-53_R4 SA-4(9) NIST_SP_800-53_R4_SA-4(9) NIST SP 800-53 Rev. 4 SA-4 (9) Functions / Ports / Protocols / Services In Use NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance NIST_SP_800-53_R4 SA-5 NIST_SP_800-53_R4_SA-5 NIST SP 800-53 Rev. 4 SA-5 Information System Documentation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance NIST_SP_800-53_R4 SA-5 NIST_SP_800-53_R4_SA-5 NIST SP 800-53 Rev. 4 SA-5 Information System Documentation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance NIST_SP_800-53_R4 SA-5 NIST_SP_800-53_R4_SA-5 NIST SP 800-53 Rev. 4 SA-5 Information System Documentation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance NIST_SP_800-53_R4 SA-5 NIST_SP_800-53_R4_SA-5 NIST SP 800-53 Rev. 4 SA-5 Information System Documentation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance NIST_SP_800-53_R4 SA-5 NIST_SP_800-53_R4_SA-5 NIST SP 800-53 Rev. 4 SA-5 Information System Documentation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance NIST_SP_800-53_R4 SA-9 NIST_SP_800-53_R4_SA-9 NIST SP 800-53 Rev. 4 SA-9 External Information System Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance NIST_SP_800-53_R4 SA-9 NIST_SP_800-53_R4_SA-9 NIST SP 800-53 Rev. 4 SA-9 External Information System Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance NIST_SP_800-53_R4 SA-9 NIST_SP_800-53_R4_SA-9 NIST SP 800-53 Rev. 4 SA-9 External Information System Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance NIST_SP_800-53_R4 SA-9 NIST_SP_800-53_R4_SA-9 NIST SP 800-53 Rev. 4 SA-9 External Information System Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing Regulatory Compliance NIST_SP_800-53_R4 SA-9(1) NIST_SP_800-53_R4_SA-9(1) NIST SP 800-53 Rev. 4 SA-9 (1) Risk Assessments / Organizational Approvals NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance NIST_SP_800-53_R4 SA-9(1) NIST_SP_800-53_R4_SA-9(1) NIST SP 800-53 Rev. 4 SA-9 (1) Risk Assessments / Organizational Approvals NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance NIST_SP_800-53_R4 SA-9(2) NIST_SP_800-53_R4_SA-9(2) NIST SP 800-53 Rev. 4 SA-9 (2) Identification Of Functions / Ports / Protocols / Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance NIST_SP_800-53_R4 SA-9(4) NIST_SP_800-53_R4_SA-9(4) NIST SP 800-53 Rev. 4 SA-9 (4) Consistent Interests Of Consumers And Providers NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0040d2e5-2779-170d-6a2c-1f5fca353335 Restrict location of information processing, storage and services Regulatory Compliance NIST_SP_800-53_R4 SA-9(5) NIST_SP_800-53_R4_SA-9(5) NIST SP 800-53 Rev. 4 SA-9 (5) Processing, Storage, And Service Location NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance NIST_SP_800-53_R4 SC-1 NIST_SP_800-53_R4_SC-1 NIST SP 800-53 Rev. 4 SC-1 System And Communications Protection Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance NIST_SP_800-53_R4 SC-10 NIST_SP_800-53_R4_SC-10 NIST SP 800-53 Rev. 4 SC-10 Network Disconnect NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 Cryptographic Key Establishment And Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance NIST_SP_800-53_R4 SC-12(1) NIST_SP_800-53_R4_SC-12(1) NIST SP 800-53 Rev. 4 SC-12 (1) Availability NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance NIST_SP_800-53_R4 SC-12(2) NIST_SP_800-53_R4_SC-12(2) NIST SP 800-53 Rev. 4 SC-12 (2) Symmetric Keys NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance NIST_SP_800-53_R4 SC-12(3) NIST_SP_800-53_R4_SC-12(3) NIST SP 800-53 Rev. 4 SC-12 (3) Asymmetric Keys NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance NIST_SP_800-53_R4 SC-13 NIST_SP_800-53_R4_SC-13 NIST SP 800-53 Rev. 4 SC-13 Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance NIST_SP_800-53_R4 SC-15 NIST_SP_800-53_R4_SC-15 NIST SP 800-53 Rev. 4 SC-15 Collaborative Computing Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance NIST_SP_800-53_R4 SC-15 NIST_SP_800-53_R4_SC-15 NIST SP 800-53 Rev. 4 SC-15 Collaborative Computing Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance NIST_SP_800-53_R4 SC-17 NIST_SP_800-53_R4_SC-17 NIST SP 800-53 Rev. 4 SC-17 Public Key Infrastructure Certificates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance NIST_SP_800-53_R4 SC-18 NIST_SP_800-53_R4_SC-18 NIST SP 800-53 Rev. 4 SC-18 Mobile Code NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance NIST_SP_800-53_R4 SC-18 NIST_SP_800-53_R4_SC-18 NIST SP 800-53 Rev. 4 SC-18 Mobile Code NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NIST_SP_800-53_R4 SC-18 NIST_SP_800-53_R4_SC-18 NIST SP 800-53 Rev. 4 SC-18 Mobile Code NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
68a39c2b-0f17-69ee-37a3-aa10f9853a08 Establish voip usage restrictions Regulatory Compliance NIST_SP_800-53_R4 SC-19 NIST_SP_800-53_R4_SC-19 NIST SP 800-53 Rev. 4 SC-19 Voice Over Internet Protocol NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance NIST_SP_800-53_R4 SC-19 NIST_SP_800-53_R4_SC-19 NIST SP 800-53 Rev. 4 SC-19 Voice Over Internet Protocol NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance NIST_SP_800-53_R4 SC-2 NIST_SP_800-53_R4_SC-2 NIST SP 800-53 Rev. 4 SC-2 Application Partitioning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-53_R4 SC-2 NIST_SP_800-53_R4_SC-2 NIST SP 800-53 Rev. 4 SC-2 Application Partitioning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance NIST_SP_800-53_R4 SC-2 NIST_SP_800-53_R4_SC-2 NIST SP 800-53 Rev. 4 SC-2 Application Partitioning NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance NIST_SP_800-53_R4 SC-20 NIST_SP_800-53_R4_SC-20 NIST SP 800-53 Rev. 4 SC-20 Secure Name /Address Resolution Service (Authoritative Source) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance NIST_SP_800-53_R4 SC-20 NIST_SP_800-53_R4_SC-20 NIST SP 800-53 Rev. 4 SC-20 Secure Name /Address Resolution Service (Authoritative Source) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance NIST_SP_800-53_R4 SC-21 NIST_SP_800-53_R4_SC-21 NIST SP 800-53 Rev. 4 SC-21 Secure Name /Address Resolution Service (Recursive Or Caching Resolver) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R4 SC-21 NIST_SP_800-53_R4_SC-21 NIST SP 800-53 Rev. 4 SC-21 Secure Name /Address Resolution Service (Recursive Or Caching Resolver) NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance NIST_SP_800-53_R4 SC-22 NIST_SP_800-53_R4_SC-22 NIST SP 800-53 Rev. 4 SC-22 Architecture And Provisioning For Name/Address Resolution Service NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance NIST_SP_800-53_R4 SC-23 NIST_SP_800-53_R4_SC-23 NIST SP 800-53 Rev. 4 SC-23 Session Authenticity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance NIST_SP_800-53_R4 SC-23 NIST_SP_800-53_R4_SC-23 NIST SP 800-53 Rev. 4 SC-23 Session Authenticity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
396f465d-375e-57de-58ba-021adb008191 Invalidate session identifiers at logout Regulatory Compliance NIST_SP_800-53_R4 SC-23(1) NIST_SP_800-53_R4_SC-23(1) NIST SP 800-53 Rev. 4 SC-23 (1) Invalidate Session Identifiers At Logout NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance NIST_SP_800-53_R4 SC-24 NIST_SP_800-53_R4_SC-24 NIST SP 800-53 Rev. 4 SC-24 Fail In Known State NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring NIST_SP_800-53_R4 SC-28 NIST_SP_800-53_R4_SC-28 NIST SP 800-53 Rev. 4 SC-28 Protection Of Information At Rest NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL NIST_SP_800-53_R4 SC-28(1) NIST_SP_800-53_R4_SC-28(1) NIST SP 800-53 Rev. 4 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center NIST_SP_800-53_R4 SC-3 NIST_SP_800-53_R4_SC-3 NIST SP 800-53 Rev. 4 SC-3 Security Function Isolation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R4 SC-3 NIST_SP_800-53_R4_SC-3 NIST SP 800-53 Rev. 4 SC-3 Security Function Isolation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center NIST_SP_800-53_R4 SC-3 NIST_SP_800-53_R4_SC-3 NIST SP 800-53 Rev. 4 SC-3 Security Function Isolation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 SC-3 NIST_SP_800-53_R4_SC-3 NIST SP 800-53 Rev. 4 SC-3 Security Function Isolation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes Regulatory Compliance NIST_SP_800-53_R4 SC-39 NIST_SP_800-53_R4_SC-39 NIST SP 800-53 Rev. 4 SC-39 Process Isolation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b7306e73-0494-83a2-31f5-280e934a8f70 Develop and document a DDoS response plan Regulatory Compliance NIST_SP_800-53_R4 SC-5 NIST_SP_800-53_R4_SC-5 NIST SP 800-53 Rev. 4 SC-5 Denial Of Service Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R4 SC-5 NIST_SP_800-53_R4_SC-5 NIST SP 800-53 Rev. 4 SC-5 Denial Of Service Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R4 SC-5 NIST_SP_800-53_R4_SC-5 NIST SP 800-53 Rev. 4 SC-5 Denial Of Service Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R4 SC-5 NIST_SP_800-53_R4_SC-5 NIST SP 800-53 Rev. 4 SC-5 Denial Of Service Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center NIST_SP_800-53_R4 SC-5 NIST_SP_800-53_R4_SC-5 NIST SP 800-53 Rev. 4 SC-5 Denial Of Service Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity Regulatory Compliance NIST_SP_800-53_R4 SC-6 NIST_SP_800-53_R4_SC-6 NIST SP 800-53 Rev. 4 SC-6 Resource Availability NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance NIST_SP_800-53_R4 SC-6 NIST_SP_800-53_R4_SC-6 NIST SP 800-53 Rev. 4 SC-6 Resource Availability NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance NIST_SP_800-53_R4 SC-6 NIST_SP_800-53_R4_SC-6 NIST SP 800-53 Rev. 4 SC-6 Resource Availability NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R4 SC-7 NIST_SP_800-53_R4_SC-7 NIST SP 800-53 Rev. 4 SC-7 Boundary Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R4 SC-7(12) NIST_SP_800-53_R4_SC-7(12) NIST SP 800-53 Rev. 4 SC-7 (12) Host-Based Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance NIST_SP_800-53_R4 SC-7(13) NIST_SP_800-53_R4_SC-7(13) NIST SP 800-53 Rev. 4 SC-7 (13) Isolation Of Security Tools / Mechanisms / Support Components NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R4 SC-7(18) NIST_SP_800-53_R4_SC-7(18) NIST SP 800-53 Rev. 4 SC-7 (18) Fail Secure NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df54d34f-65f3-39f1-103c-a0464b8615df Manage transfers between standby and active system components Regulatory Compliance NIST_SP_800-53_R4 SC-7(18) NIST_SP_800-53_R4_SC-7(18) NIST SP 800-53 Rev. 4 SC-7 (18) Fail Secure NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
83eea3d3-0d2c-9ccd-1021-2111b29b2a62 Ensure system capable of dynamic isolation of resources Regulatory Compliance NIST_SP_800-53_R4 SC-7(20) NIST_SP_800-53_R4_SC-7(20) NIST SP 800-53 Rev. 4 SC-7 (20) Dynamic Isolation / Segregation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance NIST_SP_800-53_R4 SC-7(21) NIST_SP_800-53_R4_SC-7(21) NIST SP 800-53 Rev. 4 SC-7 (21) Isolation Of Information System Components NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-53_R4 SC-7(3) NIST_SP_800-53_R4_SC-7(3) NIST SP 800-53 Rev. 4 SC-7 (3) Access Points NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance NIST_SP_800-53_R4 SC-7(4) NIST_SP_800-53_R4_SC-7(4) NIST SP 800-53 Rev. 4 SC-7 (4) External Telecommunications Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R4 SC-7(4) NIST_SP_800-53_R4_SC-7(4) NIST SP 800-53 Rev. 4 SC-7 (4) External Telecommunications Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance NIST_SP_800-53_R4 SC-7(4) NIST_SP_800-53_R4_SC-7(4) NIST SP 800-53 Rev. 4 SC-7 (4) External Telecommunications Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance NIST_SP_800-53_R4 SC-7(7) NIST_SP_800-53_R4_SC-7(7) NIST SP 800-53 Rev. 4 SC-7 (7) Prevent Split Tunneling For Remote Devices NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance NIST_SP_800-53_R4 SC-7(8) NIST_SP_800-53_R4_SC-7(8) NIST SP 800-53 Rev. 4 SC-7 (8) Route Traffic To Authenticated Proxy Servers NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-53_R4 SC-8 NIST_SP_800-53_R4_SC-8 NIST SP 800-53 Rev. 4 SC-8 Transmission Confidentiality And Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance NIST_SP_800-53_R4 SC-8(1) NIST_SP_800-53_R4_SC-8(1) NIST SP 800-53 Rev. 4 SC-8 (1) Cryptographic Or Alternate Physical Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance NIST_SP_800-53_R4 SI-1 NIST_SP_800-53_R4_SI-1 NIST SP 800-53 Rev. 4 SI-1 System And Information Integrity Policy And Procedures NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance NIST_SP_800-53_R4 SI-10 NIST_SP_800-53_R4_SI-10 NIST SP 800-53 Rev. 4 SI-10 Information Input Validation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance NIST_SP_800-53_R4 SI-11 NIST_SP_800-53_R4_SI-11 NIST SP 800-53 Rev. 4 SI-11 Error Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance NIST_SP_800-53_R4 SI-11 NIST_SP_800-53_R4_SI-11 NIST SP 800-53 Rev. 4 SI-11 Error Handling NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance NIST_SP_800-53_R4 SI-12 NIST_SP_800-53_R4_SI-12 NIST SP 800-53 Rev. 4 SI-12 Information Handling And Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance NIST_SP_800-53_R4 SI-12 NIST_SP_800-53_R4_SI-12 NIST SP 800-53 Rev. 4 SI-12 Information Handling And Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R4 SI-12 NIST_SP_800-53_R4_SI-12 NIST SP 800-53 Rev. 4 SI-12 Information Handling And Retention NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 SI-16 NIST_SP_800-53_R4_SI-16 NIST SP 800-53 Rev. 4 SI-16 Memory Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R4 SI-16 NIST_SP_800-53_R4_SI-16 NIST SP 800-53 Rev. 4 SI-16 Memory Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center NIST_SP_800-53_R4 SI-2 NIST_SP_800-53_R4_SI-2 NIST SP 800-53 Rev. 4 SI-2 Flaw Remediation NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance NIST_SP_800-53_R4 SI-2(2) NIST_SP_800-53_R4_SI-2(2) NIST SP 800-53 Rev. 4 SI-2 (2) Automated Flaw Remediation Status NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R4 SI-2(2) NIST_SP_800-53_R4_SI-2(2) NIST SP 800-53 Rev. 4 SI-2 (2) Automated Flaw Remediation Status NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation Regulatory Compliance NIST_SP_800-53_R4 SI-2(3) NIST_SP_800-53_R4_SI-2(3) NIST SP 800-53 Rev. 4 SI-2 (3) Time To Remediate Flaws / Benchmarks For Corrective Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation Regulatory Compliance NIST_SP_800-53_R4 SI-2(3) NIST_SP_800-53_R4_SI-2(3) NIST SP 800-53 Rev. 4 SI-2 (3) Time To Remediate Flaws / Benchmarks For Corrective Actions NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-53_R4 SI-2(6) NIST_SP_800-53_R4_SI-2(6) NIST SP 800-53 Rev. 4 SI-2 (6) Removal of Previous Versions of Software / Firmware NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R4 SI-2(6) NIST_SP_800-53_R4_SI-2(6) NIST SP 800-53 Rev. 4 SI-2 (6) Removal of Previous Versions of Software / Firmware NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R4 SI-2(6) NIST_SP_800-53_R4_SI-2(6) NIST SP 800-53 Rev. 4 SI-2 (6) Removal of Previous Versions of Software / Firmware NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R4 SI-3 NIST_SP_800-53_R4_SI-3 NIST SP 800-53 Rev. 4 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center NIST_SP_800-53_R4 SI-3(1) NIST_SP_800-53_R4_SI-3(1) NIST SP 800-53 Rev. 4 SI-3 (1) Central Management NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 SI-3(2) NIST_SP_800-53_R4_SI-3(2) NIST SP 800-53 Rev. 4 SI-3 (2) Automatic Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 SI-3(2) NIST_SP_800-53_R4_SI-3(2) NIST SP 800-53 Rev. 4 SI-3 (2) Automatic Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 SI-3(2) NIST_SP_800-53_R4_SI-3(2) NIST SP 800-53 Rev. 4 SI-3 (2) Automatic Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R4 SI-3(2) NIST_SP_800-53_R4_SI-3(2) NIST SP 800-53 Rev. 4 SI-3 (2) Automatic Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-53_R4 SI-3(2) NIST_SP_800-53_R4_SI-3(2) NIST SP 800-53 Rev. 4 SI-3 (2) Automatic Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-53_R4 SI-3(2) NIST_SP_800-53_R4_SI-3(2) NIST SP 800-53 Rev. 4 SI-3 (2) Automatic Updates NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R4 SI-3(7) NIST_SP_800-53_R4_SI-3(7) NIST SP 800-53 Rev. 4 SI-3 (7) Nonsignature-Based Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-53_R4 SI-3(7) NIST_SP_800-53_R4_SI-3(7) NIST SP 800-53 Rev. 4 SI-3 (7) Nonsignature-Based Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-53_R4 SI-3(7) NIST_SP_800-53_R4_SI-3(7) NIST SP 800-53 Rev. 4 SI-3 (7) Nonsignature-Based Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R4 SI-3(7) NIST_SP_800-53_R4_SI-3(7) NIST SP 800-53 Rev. 4 SI-3 (7) Nonsignature-Based Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 SI-3(7) NIST_SP_800-53_R4_SI-3(7) NIST SP 800-53 Rev. 4 SI-3 (7) Nonsignature-Based Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R4 SI-3(7) NIST_SP_800-53_R4_SI-3(7) NIST SP 800-53 Rev. 4 SI-3 (7) Nonsignature-Based Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R4 SI-4 NIST_SP_800-53_R4_SI-4 NIST SP 800-53 Rev. 4 SI-4 Information System Monitoring NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 SI-4(12) NIST_SP_800-53_R4_SI-4(12) NIST SP 800-53 Rev. 4 SI-4 (12) Automated Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R4 SI-4(12) NIST_SP_800-53_R4_SI-4(12) NIST SP 800-53 Rev. 4 SI-4 (12) Automated Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R4 SI-4(12) NIST_SP_800-53_R4_SI-4(12) NIST SP 800-53 Rev. 4 SI-4 (12) Automated Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance NIST_SP_800-53_R4 SI-4(14) NIST_SP_800-53_R4_SI-4(14) NIST SP 800-53 Rev. 4 SI-4 (14) Wireless Intrusion Detection NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance NIST_SP_800-53_R4 SI-4(2) NIST_SP_800-53_R4_SI-4(2) NIST SP 800-53 Rev. 4 SI-4 (2) Automated Tools For Real-Time Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-53_R4 SI-4(2) NIST_SP_800-53_R4_SI-4(2) NIST SP 800-53 Rev. 4 SI-4 (2) Automated Tools For Real-Time Analysis NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance NIST_SP_800-53_R4 SI-4(22) NIST_SP_800-53_R4_SI-4(22) NIST SP 800-53 Rev. 4 SI-4 (22) Unauthorized Network Services NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance NIST_SP_800-53_R4 SI-4(24) NIST_SP_800-53_R4_SI-4(24) NIST SP 800-53 Rev. 4 SI-4 (24) Indicators Of Compromise NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R4 SI-4(4) NIST_SP_800-53_R4_SI-4(4) NIST SP 800-53 Rev. 4 SI-4 (4) Inbound And Outbound Communications Traffic NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance NIST_SP_800-53_R4 SI-4(4) NIST_SP_800-53_R4_SI-4(4) NIST SP 800-53 Rev. 4 SI-4 (4) Inbound And Outbound Communications Traffic NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R4 SI-4(4) NIST_SP_800-53_R4_SI-4(4) NIST SP 800-53 Rev. 4 SI-4 (4) Inbound And Outbound Communications Traffic NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance NIST_SP_800-53_R4 SI-4(4) NIST_SP_800-53_R4_SI-4(4) NIST SP 800-53 Rev. 4 SI-4 (4) Inbound And Outbound Communications Traffic NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R4 SI-4(5) NIST_SP_800-53_R4_SI-4(5) NIST SP 800-53 Rev. 4 SI-4 (5) System-Generated Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance NIST_SP_800-53_R4 SI-4(5) NIST_SP_800-53_R4_SI-4(5) NIST SP 800-53 Rev. 4 SI-4 (5) System-Generated Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance NIST_SP_800-53_R4 SI-4(5) NIST_SP_800-53_R4_SI-4(5) NIST SP 800-53 Rev. 4 SI-4 (5) System-Generated Alerts NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance NIST_SP_800-53_R4 SI-5 NIST_SP_800-53_R4_SI-5 NIST SP 800-53 Rev. 4 SI-5 Security Alerts, Advisories, And Directives NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance NIST_SP_800-53_R4 SI-5 NIST_SP_800-53_R4_SI-5 NIST SP 800-53 Rev. 4 SI-5 Security Alerts, Advisories, And Directives NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance NIST_SP_800-53_R4 SI-5 NIST_SP_800-53_R4_SI-5 NIST SP 800-53 Rev. 4 SI-5 Security Alerts, Advisories, And Directives NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance NIST_SP_800-53_R4 SI-5 NIST_SP_800-53_R4_SI-5 NIST SP 800-53 Rev. 4 SI-5 Security Alerts, Advisories, And Directives NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance NIST_SP_800-53_R4 SI-5(1) NIST_SP_800-53_R4_SI-5(1) NIST SP 800-53 Rev. 4 SI-5 (1) Automated Alerts And Advisories NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance NIST_SP_800-53_R4 SI-6 NIST_SP_800-53_R4_SI-6 NIST SP 800-53 Rev. 4 SI-6 Security Function Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance NIST_SP_800-53_R4 SI-6 NIST_SP_800-53_R4_SI-6 NIST SP 800-53 Rev. 4 SI-6 Security Function Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance NIST_SP_800-53_R4 SI-6 NIST_SP_800-53_R4_SI-6 NIST SP 800-53 Rev. 4 SI-6 Security Function Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance NIST_SP_800-53_R4 SI-6 NIST_SP_800-53_R4_SI-6 NIST SP 800-53 Rev. 4 SI-6 Security Function Verification NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R4 SI-7 NIST_SP_800-53_R4_SI-7 NIST SP 800-53 Rev. 4 SI-7 Software, Firmware, And Information Integrity NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R4 SI-7(1) NIST_SP_800-53_R4_SI-7(1) NIST SP 800-53 Rev. 4 SI-7 (1) Integrity Checks NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance NIST_SP_800-53_R4 SI-7(1) NIST_SP_800-53_R4_SI-7(1) NIST SP 800-53 Rev. 4 SI-7 (1) Integrity Checks NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
8e920169-739d-40b5-3f99-c4d855327bb2 Prohibit binary/machine-executable code Regulatory Compliance NIST_SP_800-53_R4 SI-7(14) NIST_SP_800-53_R4_SI-7(14) NIST SP 800-53 Rev. 4 SI-7 (14) Binary Or Machine Executable Code NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance NIST_SP_800-53_R4 SI-7(5) NIST_SP_800-53_R4_SI-7(5) NIST SP 800-53 Rev. 4 SI-7 (5) Automated Response To Integrity Violations NIST SP 800-53 Rev. 4 (cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AC-1 NIST_SP_800-53_R5_AC-1 NIST SP 800-53 Rev. 5 AC-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AC-1 NIST_SP_800-53_R5_AC-1 NIST SP 800-53 Rev. 5 AC-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-53_R5 AC-1 NIST_SP_800-53_R5_AC-1 NIST SP 800-53 Rev. 5 AC-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AC-1 NIST_SP_800-53_R5_AC-1 NIST SP 800-53 Rev. 5 AC-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d8350d4c-9314-400b-288f-20ddfce04fbd Define and enforce the limit of concurrent sessions Regulatory Compliance NIST_SP_800-53_R5 AC-10 NIST_SP_800-53_R5_AC-10 NIST SP 800-53 Rev. 5 AC-10 Concurrent Session Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance NIST_SP_800-53_R5 AC-12 NIST_SP_800-53_R5_AC-12 NIST SP 800-53 Rev. 5 AC-12 Session Termination NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
db580551-0b3c-4ea1-8a4c-4cdb5feb340f Provide the logout capability Regulatory Compliance NIST_SP_800-53_R5 AC-12(1) NIST_SP_800-53_R5_AC-12(1) NIST SP 800-53 Rev. 5 AC-12 (1) User-initiated Logouts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0471c6b7-1588-701c-2713-1fade73b75f6 Display an explicit logout message Regulatory Compliance NIST_SP_800-53_R5 AC-12(1) NIST_SP_800-53_R5_AC-12(1) NIST SP 800-53 Rev. 5 AC-12 (1) User-initiated Logouts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance NIST_SP_800-53_R5 AC-14 NIST_SP_800-53_R5_AC-14 NIST SP 800-53 Rev. 5 AC-14 Permitted Actions Without Identification or Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AC-16 NIST_SP_800-53_R5_AC-16 NIST SP 800-53 Rev. 5 AC-16 Security and Privacy Attributes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 AC-16 NIST_SP_800-53_R5_AC-16 NIST SP 800-53 Rev. 5 AC-16 Security and Privacy Attributes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R5 AC-17 NIST_SP_800-53_R5_AC-17 NIST SP 800-53 Rev. 5 AC-17 Remote Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5 AC-17(1) NIST_SP_800-53_R5_AC-17(1) NIST SP 800-53 Rev. 5 AC-17 (1) Monitoring and Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance NIST_SP_800-53_R5 AC-17(2) NIST_SP_800-53_R5_AC-17(2) NIST SP 800-53 Rev. 5 AC-17 (2) Protection of Confidentiality and Integrity Using Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R5 AC-17(2) NIST_SP_800-53_R5_AC-17(2) NIST SP 800-53 Rev. 5 AC-17 (2) Protection of Confidentiality and Integrity Using Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance NIST_SP_800-53_R5 AC-17(3) NIST_SP_800-53_R5_AC-17(3) NIST SP 800-53 Rev. 5 AC-17 (3) Managed Access Control Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
01c387ea-383d-4ca9-295a-977fab516b03 Authorize remote access to privileged commands Regulatory Compliance NIST_SP_800-53_R5 AC-17(4) NIST_SP_800-53_R5_AC-17(4) NIST SP 800-53 Rev. 5 AC-17 (4) Privileged Commands and Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-53_R5 AC-17(4) NIST_SP_800-53_R5_AC-17(4) NIST SP 800-53 Rev. 5 AC-17 (4) Privileged Commands and Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance NIST_SP_800-53_R5 AC-17(4) NIST_SP_800-53_R5_AC-17(4) NIST SP 800-53 Rev. 5 AC-17 (4) Privileged Commands and Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance NIST_SP_800-53_R5 AC-17(4) NIST_SP_800-53_R5_AC-17(4) NIST SP 800-53 Rev. 5 AC-17 (4) Privileged Commands and Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-53_R5 AC-17(4) NIST_SP_800-53_R5_AC-17(4) NIST SP 800-53 Rev. 5 AC-17 (4) Privileged Commands and Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4edaca8c-0912-1ac5-9eaa-6a1057740fae Provide capability to disconnect or disable remote access Regulatory Compliance NIST_SP_800-53_R5 AC-17(9) NIST_SP_800-53_R5_AC-17(9) NIST SP 800-53 Rev. 5 AC-17 (9) Disconnect or Disable Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance NIST_SP_800-53_R5 AC-18 NIST_SP_800-53_R5_AC-18 NIST SP 800-53 Rev. 5 AC-18 Wireless Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance NIST_SP_800-53_R5 AC-18 NIST_SP_800-53_R5_AC-18 NIST SP 800-53 Rev. 5 AC-18 Wireless Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance NIST_SP_800-53_R5 AC-18(1) NIST_SP_800-53_R5_AC-18(1) NIST SP 800-53 Rev. 5 AC-18 (1) Authentication and Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance NIST_SP_800-53_R5 AC-18(1) NIST_SP_800-53_R5_AC-18(1) NIST SP 800-53 Rev. 5 AC-18 (1) Authentication and Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance NIST_SP_800-53_R5 AC-18(1) NIST_SP_800-53_R5_AC-18(1) NIST SP 800-53 Rev. 5 AC-18 (1) Authentication and Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance NIST_SP_800-53_R5 AC-19 NIST_SP_800-53_R5_AC-19 NIST SP 800-53 Rev. 5 AC-19 Access Control for Mobile Devices NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance NIST_SP_800-53_R5 AC-19(5) NIST_SP_800-53_R5_AC-19(5) NIST SP 800-53 Rev. 5 AC-19 (5) Full Device or Container-based Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R5 AC-19(5) NIST_SP_800-53_R5_AC-19(5) NIST SP 800-53 Rev. 5 AC-19 (5) Full Device or Container-based Encryption NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2 NIST_SP_800-53_R5_AC-2 NIST SP 800-53 Rev. 5 AC-2 Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2(1) NIST_SP_800-53_R5_AC-2(1) NIST SP 800-53 Rev. 5 AC-2 (1) Automated System Account Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fd81a1b3-2d7a-107c-507e-29b87d040c19 Enforce appropriate usage of all accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2(11) NIST_SP_800-53_R5_AC-2(11) NIST SP 800-53 Rev. 5 AC-2 (11) Usage Conditions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 AC-2(12) NIST_SP_800-53_R5_AC-2(12) NIST SP 800-53 Rev. 5 AC-2 (12) Account Monitoring for Atypical Usage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22c16ae4-19d0-29cb-422f-cb44061180ee Disable user accounts posing a significant risk Regulatory Compliance NIST_SP_800-53_R5 AC-2(13) NIST_SP_800-53_R5_AC-2(13) NIST SP 800-53 Rev. 5 AC-2 (13) Disable Accounts for High-risk Individuals NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance NIST_SP_800-53_R5 AC-2(3) NIST_SP_800-53_R5_AC-2(3) NIST SP 800-53 Rev. 5 AC-2 (3) Disable Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-53_R5 AC-2(3) NIST_SP_800-53_R5_AC-2(3) NIST SP 800-53 Rev. 5 AC-2 (3) Disable Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2(4) NIST_SP_800-53_R5_AC-2(4) NIST SP 800-53 Rev. 5 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance NIST_SP_800-53_R5 AC-2(4) NIST_SP_800-53_R5_AC-2(4) NIST SP 800-53 Rev. 5 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance NIST_SP_800-53_R5 AC-2(4) NIST_SP_800-53_R5_AC-2(4) NIST SP 800-53 Rev. 5 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance NIST_SP_800-53_R5 AC-2(4) NIST_SP_800-53_R5_AC-2(4) NIST SP 800-53 Rev. 5 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R5 AC-2(4) NIST_SP_800-53_R5_AC-2(4) NIST SP 800-53 Rev. 5 AC-2 (4) Automated Audit Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2af4640d-11a6-a64b-5ceb-a468f4341c0c Define and enforce inactivity log policy Regulatory Compliance NIST_SP_800-53_R5 AC-2(5) NIST_SP_800-53_R5_AC-2(5) NIST SP 800-53 Rev. 5 AC-2 (5) Inactivity Logout NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance NIST_SP_800-53_R5 AC-2(7) NIST_SP_800-53_R5_AC-2(7) NIST SP 800-53 Rev. 5 AC-2 (7) Privileged User Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance NIST_SP_800-53_R5 AC-2(9) NIST_SP_800-53_R5_AC-2(9) NIST SP 800-53 Rev. 5 AC-2 (9) Restrictions on Use of Shared and Group Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance NIST_SP_800-53_R5 AC-20 NIST_SP_800-53_R5_AC-20 NIST SP 800-53 Rev. 5 AC-20 Use of External Systems NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance NIST_SP_800-53_R5 AC-20 NIST_SP_800-53_R5_AC-20 NIST SP 800-53 Rev. 5 AC-20 Use of External Systems NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance NIST_SP_800-53_R5 AC-20(1) NIST_SP_800-53_R5_AC-20(1) NIST SP 800-53 Rev. 5 AC-20 (1) Limits on Authorized Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 AC-20(2) NIST_SP_800-53_R5_AC-20(2) NIST SP 800-53 Rev. 5 AC-20 (2) Portable Storage Devices - Restricted Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R5 AC-20(2) NIST_SP_800-53_R5_AC-20(2) NIST SP 800-53 Rev. 5 AC-20 (2) Portable Storage Devices - Restricted Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-53_R5 AC-20(2) NIST_SP_800-53_R5_AC-20(2) NIST SP 800-53 Rev. 5 AC-20 (2) Portable Storage Devices - Restricted Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a44c9fba-43f8-4b7b-7ee6-db52c96b4366 Facilitate information sharing Regulatory Compliance NIST_SP_800-53_R5 AC-21 NIST_SP_800-53_R5_AC-21 NIST SP 800-53 Rev. 5 AC-21 Information Sharing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e54901fe-42c2-7f3b-3c5f-327aa5320a69 Automate information sharing decisions Regulatory Compliance NIST_SP_800-53_R5 AC-21 NIST_SP_800-53_R5_AC-21 NIST SP 800-53 Rev. 5 AC-21 Information Sharing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b5244f81-6cab-3188-2412-179162294996 Review publicly accessible content for nonpublic information Regulatory Compliance NIST_SP_800-53_R5 AC-22 NIST_SP_800-53_R5_AC-22 NIST SP 800-53 Rev. 5 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
97f0d974-1486-01e2-2088-b888f46c0589 Train personnel on disclosure of nonpublic information Regulatory Compliance NIST_SP_800-53_R5 AC-22 NIST_SP_800-53_R5_AC-22 NIST SP 800-53 Rev. 5 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4512986-80f5-1656-0c58-08866bd2673a Designate authorized personnel to post publicly accessible information Regulatory Compliance NIST_SP_800-53_R5 AC-22 NIST_SP_800-53_R5_AC-22 NIST SP 800-53 Rev. 5 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9e3c505e-7aeb-2096-3417-b132242731fc Review content prior to posting publicly accessible information Regulatory Compliance NIST_SP_800-53_R5 AC-22 NIST_SP_800-53_R5_AC-22 NIST SP 800-53 Rev. 5 AC-22 Publicly Accessible Content NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-53_R5 AC-3 NIST_SP_800-53_R5_AC-3 NIST SP 800-53 Rev. 5 AC-3 Access Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center NIST_SP_800-53_R5 AC-3(7) NIST_SP_800-53_R5_AC-3(7) NIST SP 800-53 Rev. 5 AC-3 (7) Role-based Access Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R5 AC-4 NIST_SP_800-53_R5_AC-4 NIST SP 800-53 Rev. 5 AC-4 Information Flow Enforcement NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance NIST_SP_800-53_R5 AC-4(21) NIST_SP_800-53_R5_AC-4(21) NIST SP 800-53 Rev. 5 AC-4 (21) Physical or Logical Separation of Information Flows NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance NIST_SP_800-53_R5 AC-4(21) NIST_SP_800-53_R5_AC-4(21) NIST SP 800-53 Rev. 5 AC-4 (21) Physical or Logical Separation of Information Flows NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance NIST_SP_800-53_R5 AC-4(21) NIST_SP_800-53_R5_AC-4(21) NIST SP 800-53 Rev. 5 AC-4 (21) Physical or Logical Separation of Information Flows NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance NIST_SP_800-53_R5 AC-4(21) NIST_SP_800-53_R5_AC-4(21) NIST SP 800-53 Rev. 5 AC-4 (21) Physical or Logical Separation of Information Flows NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NIST_SP_800-53_R5 AC-4(3) NIST_SP_800-53_R5_AC-4(3) NIST SP 800-53 Rev. 5 AC-4 (3) Dynamic Information Flow Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R5 AC-4(3) NIST_SP_800-53_R5_AC-4(3) NIST SP 800-53 Rev. 5 AC-4 (3) Dynamic Information Flow Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance NIST_SP_800-53_R5 AC-4(8) NIST_SP_800-53_R5_AC-4(8) NIST SP 800-53 Rev. 5 AC-4 (8) Security and Privacy Policy Filters NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center NIST_SP_800-53_R5 AC-5 NIST_SP_800-53_R5_AC-5 NIST SP 800-53 Rev. 5 AC-5 Separation of Duties NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance NIST_SP_800-53_R5 AC-5 NIST_SP_800-53_R5_AC-5 NIST SP 800-53 Rev. 5 AC-5 Separation of Duties NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance NIST_SP_800-53_R5 AC-5 NIST_SP_800-53_R5_AC-5 NIST SP 800-53 Rev. 5 AC-5 Separation of Duties NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance NIST_SP_800-53_R5 AC-5 NIST_SP_800-53_R5_AC-5 NIST SP 800-53 Rev. 5 AC-5 Separation of Duties NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-53_R5 AC-6 NIST_SP_800-53_R5_AC-6 NIST SP 800-53 Rev. 5 AC-6 Least Privilege NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R5 AC-6 NIST_SP_800-53_R5_AC-6 NIST SP 800-53 Rev. 5 AC-6 Least Privilege NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance NIST_SP_800-53_R5 AC-6 NIST_SP_800-53_R5_AC-6 NIST SP 800-53 Rev. 5 AC-6 Least Privilege NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance NIST_SP_800-53_R5 AC-6 NIST_SP_800-53_R5_AC-6 NIST SP 800-53 Rev. 5 AC-6 Least Privilege NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance NIST_SP_800-53_R5 AC-6(1) NIST_SP_800-53_R5_AC-6(1) NIST SP 800-53 Rev. 5 AC-6 (1) Authorize Access to Security Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance NIST_SP_800-53_R5 AC-6(1) NIST_SP_800-53_R5_AC-6(1) NIST SP 800-53 Rev. 5 AC-6 (1) Authorize Access to Security Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance NIST_SP_800-53_R5 AC-6(1) NIST_SP_800-53_R5_AC-6(1) NIST SP 800-53 Rev. 5 AC-6 (1) Authorize Access to Security Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R5 AC-6(5) NIST_SP_800-53_R5_AC-6(5) NIST SP 800-53 Rev. 5 AC-6 (5) Privileged Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance NIST_SP_800-53_R5 AC-6(7) NIST_SP_800-53_R5_AC-6(7) NIST SP 800-53 Rev. 5 AC-6 (7) Review of User Privileges NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NIST_SP_800-53_R5 AC-6(7) NIST_SP_800-53_R5_AC-6(7) NIST SP 800-53 Rev. 5 AC-6 (7) Review of User Privileges NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NIST_SP_800-53_R5 AC-6(7) NIST_SP_800-53_R5_AC-6(7) NIST SP 800-53 Rev. 5 AC-6 (7) Review of User Privileges NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance NIST_SP_800-53_R5 AC-6(7) NIST_SP_800-53_R5_AC-6(7) NIST SP 800-53 Rev. 5 AC-6 (7) Review of User Privileges NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance NIST_SP_800-53_R5 AC-6(8) NIST_SP_800-53_R5_AC-6(8) NIST SP 800-53 Rev. 5 AC-6 (8) Privilege Levels for Code Execution NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R5 AC-6(9) NIST_SP_800-53_R5_AC-6(9) NIST SP 800-53 Rev. 5 AC-6 (9) Log Use of Privileged Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance NIST_SP_800-53_R5 AC-6(9) NIST_SP_800-53_R5_AC-6(9) NIST SP 800-53 Rev. 5 AC-6 (9) Log Use of Privileged Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance NIST_SP_800-53_R5 AC-6(9) NIST_SP_800-53_R5_AC-6(9) NIST SP 800-53 Rev. 5 AC-6 (9) Log Use of Privileged Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance NIST_SP_800-53_R5 AC-6(9) NIST_SP_800-53_R5_AC-6(9) NIST SP 800-53 Rev. 5 AC-6 (9) Log Use of Privileged Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance NIST_SP_800-53_R5 AC-6(9) NIST_SP_800-53_R5_AC-6(9) NIST SP 800-53 Rev. 5 AC-6 (9) Log Use of Privileged Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance NIST_SP_800-53_R5 AC-6(9) NIST_SP_800-53_R5_AC-6(9) NIST SP 800-53 Rev. 5 AC-6 (9) Log Use of Privileged Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance NIST_SP_800-53_R5 AC-7 NIST_SP_800-53_R5_AC-7 NIST SP 800-53 Rev. 5 AC-7 Unsuccessful Logon Attempts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-53_R5 AT-1 NIST_SP_800-53_R5_AT-1 NIST SP 800-53 Rev. 5 AT-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance NIST_SP_800-53_R5 AT-1 NIST_SP_800-53_R5_AT-1 NIST SP 800-53 Rev. 5 AT-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance NIST_SP_800-53_R5 AT-2 NIST_SP_800-53_R5_AT-2 NIST SP 800-53 Rev. 5 AT-2 Literacy Training and Awareness NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance NIST_SP_800-53_R5 AT-2 NIST_SP_800-53_R5_AT-2 NIST SP 800-53 Rev. 5 AT-2 Literacy Training and Awareness NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance NIST_SP_800-53_R5 AT-2 NIST_SP_800-53_R5_AT-2 NIST SP 800-53 Rev. 5 AT-2 Literacy Training and Awareness NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance NIST_SP_800-53_R5 AT-2(2) NIST_SP_800-53_R5_AT-2(2) NIST SP 800-53 Rev. 5 AT-2 (2) Insider Threat NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance NIST_SP_800-53_R5 AT-3 NIST_SP_800-53_R5_AT-3 NIST SP 800-53 Rev. 5 AT-3 Role-based Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance NIST_SP_800-53_R5 AT-3 NIST_SP_800-53_R5_AT-3 NIST SP 800-53 Rev. 5 AT-3 Role-based Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance NIST_SP_800-53_R5 AT-3 NIST_SP_800-53_R5_AT-3 NIST SP 800-53 Rev. 5 AT-3 Role-based Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance NIST_SP_800-53_R5 AT-3(3) NIST_SP_800-53_R5_AT-3(3) NIST SP 800-53 Rev. 5 AT-3 (3) Practical Exercises NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
82bd024a-5c99-05d6-96ff-01f539676a1a Monitor security and privacy training completion Regulatory Compliance NIST_SP_800-53_R5 AT-4 NIST_SP_800-53_R5_AT-4 NIST SP 800-53 Rev. 5 AT-4 Training Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3153d9c0-2584-14d3-362d-578b01358aeb Retain training records Regulatory Compliance NIST_SP_800-53_R5 AT-4 NIST_SP_800-53_R5_AT-4 NIST SP 800-53 Rev. 5 AT-4 Training Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance NIST_SP_800-53_R5 AT-4 NIST_SP_800-53_R5_AT-4 NIST SP 800-53 Rev. 5 AT-4 Training Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AU-1 NIST_SP_800-53_R5_AU-1 NIST SP 800-53 Rev. 5 AU-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AU-1 NIST_SP_800-53_R5_AU-1 NIST SP 800-53 Rev. 5 AU-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-53_R5 AU-1 NIST_SP_800-53_R5_AU-1 NIST SP 800-53 Rev. 5 AU-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AU-1 NIST_SP_800-53_R5_AU-1 NIST SP 800-53 Rev. 5 AU-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance NIST_SP_800-53_R5 AU-10 NIST_SP_800-53_R5_AU-10 NIST SP 800-53 Rev. 5 AU-10 Non-repudiation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AU-11 NIST_SP_800-53_R5_AU-11 NIST SP 800-53 Rev. 5 AU-11 Audit Record Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance NIST_SP_800-53_R5 AU-11 NIST_SP_800-53_R5_AU-11 NIST SP 800-53 Rev. 5 AU-11 Audit Record Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL NIST_SP_800-53_R5 AU-11 NIST_SP_800-53_R5_AU-11 NIST SP 800-53 Rev. 5 AU-11 Audit Record Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance NIST_SP_800-53_R5 AU-11 NIST_SP_800-53_R5_AU-11 NIST SP 800-53 Rev. 5 AU-11 Audit Record Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R5 AU-12 NIST_SP_800-53_R5_AU-12 NIST SP 800-53 Rev. 5 AU-12 Audit Record Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R5 AU-12(1) NIST_SP_800-53_R5_AU-12(1) NIST SP 800-53 Rev. 5 AU-12 (1) System-wide and Time-correlated Audit Trail NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d200f199-69f4-95a6-90b0-37ff0cf1040c Provide the capability to extend or limit auditing on customer-deployed resources Regulatory Compliance NIST_SP_800-53_R5 AU-12(3) NIST_SP_800-53_R5_AU-12(3) NIST SP 800-53 Rev. 5 AU-12 (3) Changes by Authorized Individuals NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R5 AU-2 NIST_SP_800-53_R5_AU-2 NIST SP 800-53 Rev. 5 AU-2 Event Logging NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R5 AU-3 NIST_SP_800-53_R5_AU-3 NIST SP 800-53 Rev. 5 AU-3 Content of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance NIST_SP_800-53_R5 AU-3(1) NIST_SP_800-53_R5_AU-3(1) NIST SP 800-53 Rev. 5 AU-3 (1) Additional Audit Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance NIST_SP_800-53_R5 AU-4 NIST_SP_800-53_R5_AU-4 NIST SP 800-53 Rev. 5 AU-4 Audit Log Storage Capacity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance NIST_SP_800-53_R5 AU-5 NIST_SP_800-53_R5_AU-5 NIST SP 800-53 Rev. 5 AU-5 Response to Audit Logging Process Failures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0f4fa857-079d-9d3d-5c49-21f616189e03 Provide real-time alerts for audit event failures Regulatory Compliance NIST_SP_800-53_R5 AU-5(2) NIST_SP_800-53_R5_AU-5(2) NIST SP 800-53 Rev. 5 AU-5 (2) Real-time Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R5 AU-6 NIST_SP_800-53_R5_AU-6 NIST SP 800-53 Rev. 5 AU-6 Audit Record Review, Analysis, and Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-53_R5 AU-6(1) NIST_SP_800-53_R5_AU-6(1) NIST SP 800-53 Rev. 5 AU-6 (1) Automated Process Integration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R5 AU-6(3) NIST_SP_800-53_R5_AU-6(3) NIST SP 800-53 Rev. 5 AU-6 (3) Correlate Audit Record Repositories NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R5 AU-6(3) NIST_SP_800-53_R5_AU-6(3) NIST SP 800-53 Rev. 5 AU-6 (3) Correlate Audit Record Repositories NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 AU-6(4) NIST_SP_800-53_R5_AU-6(4) NIST SP 800-53 Rev. 5 AU-6 (4) Central Review and Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
85335602-93f5-7730-830b-d43426fd51fa Integrate Audit record analysis Regulatory Compliance NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 AU-6(5) NIST_SP_800-53_R5_AU-6(5) NIST SP 800-53 Rev. 5 AU-6 (5) Integrated Analysis of Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3eecf628-a1c8-1b48-1b5c-7ca781e97970 Specify permitted actions associated with customer audit information Regulatory Compliance NIST_SP_800-53_R5 AU-6(7) NIST_SP_800-53_R5_AU-6(7) NIST SP 800-53 Rev. 5 AU-6 (7) Permitted Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
27ce30dd-3d56-8b54-6144-e26d9a37a541 Ensure audit records are not altered Regulatory Compliance NIST_SP_800-53_R5 AU-7 NIST_SP_800-53_R5_AU-7 NIST SP 800-53 Rev. 5 AU-7 Audit Record Reduction and Report Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
44f8a42d-739f-8030-89a8-4c2d5b3f6af3 Provide audit review, analysis, and reporting capability Regulatory Compliance NIST_SP_800-53_R5 AU-7 NIST_SP_800-53_R5_AU-7 NIST SP 800-53 Rev. 5 AU-7 Audit Record Reduction and Report Generation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
21633c09-804e-7fcd-78e3-635c6bfe2be7 Provide capability to process customer-controlled audit records Regulatory Compliance NIST_SP_800-53_R5 AU-7(1) NIST_SP_800-53_R5_AU-7(1) NIST SP 800-53 Rev. 5 AU-7 (1) Automatic Processing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance NIST_SP_800-53_R5 AU-8 NIST_SP_800-53_R5_AU-8 NIST SP 800-53 Rev. 5 AU-8 Time Stamps NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance NIST_SP_800-53_R5 AU-9 NIST_SP_800-53_R5_AU-9 NIST SP 800-53 Rev. 5 AU-9 Protection of Audit Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance NIST_SP_800-53_R5 AU-9 NIST_SP_800-53_R5_AU-9 NIST SP 800-53 Rev. 5 AU-9 Protection of Audit Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance NIST_SP_800-53_R5 AU-9(2) NIST_SP_800-53_R5_AU-9(2) NIST SP 800-53 Rev. 5 AU-9 (2) Store on Separate Physical Systems or Components NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance NIST_SP_800-53_R5 AU-9(3) NIST_SP_800-53_R5_AU-9(3) NIST SP 800-53 Rev. 5 AU-9 (3) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance NIST_SP_800-53_R5 AU-9(4) NIST_SP_800-53_R5_AU-9(4) NIST SP 800-53 Rev. 5 AU-9 (4) Access by Subset of Privileged Users NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance NIST_SP_800-53_R5 CA-1 NIST_SP_800-53_R5_CA-1 NIST SP 800-53 Rev. 5 CA-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance NIST_SP_800-53_R5 CA-2 NIST_SP_800-53_R5_CA-2 NIST SP 800-53 Rev. 5 CA-2 Control Assessments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance NIST_SP_800-53_R5 CA-2 NIST_SP_800-53_R5_CA-2 NIST SP 800-53 Rev. 5 CA-2 Control Assessments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance NIST_SP_800-53_R5 CA-2 NIST_SP_800-53_R5_CA-2 NIST SP 800-53 Rev. 5 CA-2 Control Assessments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance NIST_SP_800-53_R5 CA-2 NIST_SP_800-53_R5_CA-2 NIST SP 800-53 Rev. 5 CA-2 Control Assessments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b65c5d8e-9043-9612-2c17-65f231d763bb Employ independent assessors to conduct security control assessments Regulatory Compliance NIST_SP_800-53_R5 CA-2(1) NIST_SP_800-53_R5_CA-2(1) NIST SP 800-53 Rev. 5 CA-2 (1) Independent Assessors NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance NIST_SP_800-53_R5 CA-2(2) NIST_SP_800-53_R5_CA-2(2) NIST SP 800-53 Rev. 5 CA-2 (2) Specialized Assessments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3054c74b-9b45-2581-56cf-053a1a716c39 Accept assessment results Regulatory Compliance NIST_SP_800-53_R5 CA-2(3) NIST_SP_800-53_R5_CA-2(3) NIST SP 800-53 Rev. 5 CA-2 (3) Leveraging Results from External Organizations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance NIST_SP_800-53_R5 CA-3 NIST_SP_800-53_R5_CA-3 NIST SP 800-53 Rev. 5 CA-3 Information Exchange NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance NIST_SP_800-53_R5 CA-3 NIST_SP_800-53_R5_CA-3 NIST SP 800-53 Rev. 5 CA-3 Information Exchange NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance NIST_SP_800-53_R5 CA-5 NIST_SP_800-53_R5_CA-5 NIST SP 800-53 Rev. 5 CA-5 Plan of Action and Milestones NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance NIST_SP_800-53_R5 CA-5 NIST_SP_800-53_R5_CA-5 NIST SP 800-53 Rev. 5 CA-5 Plan of Action and Milestones NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e29a8f1b-149b-2fa3-969d-ebee1baa9472 Assign an authorizing official (AO) Regulatory Compliance NIST_SP_800-53_R5 CA-6 NIST_SP_800-53_R5_CA-6 NIST SP 800-53 Rev. 5 CA-6 Authorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Ensure resources are authorized Regulatory Compliance NIST_SP_800-53_R5 CA-6 NIST_SP_800-53_R5_CA-6 NIST SP 800-53 Rev. 5 CA-6 Authorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
449ebb52-945b-36e5-3446-af6f33770f8f Update the security authorization Regulatory Compliance NIST_SP_800-53_R5 CA-6 NIST_SP_800-53_R5_CA-6 NIST SP 800-53 Rev. 5 CA-6 Authorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance NIST_SP_800-53_R5 CA-7 NIST_SP_800-53_R5_CA-7 NIST SP 800-53 Rev. 5 CA-7 Continuous Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance NIST_SP_800-53_R5 CA-7 NIST_SP_800-53_R5_CA-7 NIST SP 800-53 Rev. 5 CA-7 Continuous Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance NIST_SP_800-53_R5 CA-7 NIST_SP_800-53_R5_CA-7 NIST SP 800-53 Rev. 5 CA-7 Continuous Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3baee3fd-30f5-882c-018c-cc78703a0106 Employ independent assessors for continuous monitoring Regulatory Compliance NIST_SP_800-53_R5 CA-7(1) NIST_SP_800-53_R5_CA-7(1) NIST SP 800-53 Rev. 5 CA-7 (1) Independent Assessment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6a379d74-903b-244a-4c44-838728bea6b0 Analyse data obtained from continuous monitoring Regulatory Compliance NIST_SP_800-53_R5 CA-7(3) NIST_SP_800-53_R5_CA-7(3) NIST SP 800-53 Rev. 5 CA-7 (3) Trend Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance NIST_SP_800-53_R5 CA-8(1) NIST_SP_800-53_R5_CA-8(1) NIST SP 800-53 Rev. 5 CA-8 (1) Independent Penetration Testing Agent or Team NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance NIST_SP_800-53_R5 CA-9 NIST_SP_800-53_R5_CA-9 NIST SP 800-53 Rev. 5 CA-9 Internal System Connections NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance NIST_SP_800-53_R5 CM-1 NIST_SP_800-53_R5_CM-1 NIST SP 800-53 Rev. 5 CM-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-53_R5 CM-10 NIST_SP_800-53_R5_CM-10 NIST SP 800-53 Rev. 5 CM-10 Software Usage Restrictions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance NIST_SP_800-53_R5 CM-10 NIST_SP_800-53_R5_CM-10 NIST SP 800-53 Rev. 5 CM-10 Software Usage Restrictions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance NIST_SP_800-53_R5 CM-10 NIST_SP_800-53_R5_CM-10 NIST SP 800-53 Rev. 5 CM-10 Software Usage Restrictions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-53_R5 CM-10 NIST_SP_800-53_R5_CM-10 NIST SP 800-53 Rev. 5 CM-10 Software Usage Restrictions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance NIST_SP_800-53_R5 CM-10(1) NIST_SP_800-53_R5_CM-10(1) NIST SP 800-53 Rev. 5 CM-10 (1) Open-source Software NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-53_R5 CM-11 NIST_SP_800-53_R5_CM-11 NIST SP 800-53 Rev. 5 CM-11 User-installed Software NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-53_R5 CM-11 NIST_SP_800-53_R5_CM-11 NIST SP 800-53 Rev. 5 CM-11 User-installed Software NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-53_R5 CM-2 NIST_SP_800-53_R5_CM-2 NIST SP 800-53 Rev. 5 CM-2 Baseline Configuration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-53_R5 CM-2 NIST_SP_800-53_R5_CM-2 NIST SP 800-53 Rev. 5 CM-2 Baseline Configuration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance NIST_SP_800-53_R5 CM-2 NIST_SP_800-53_R5_CM-2 NIST SP 800-53 Rev. 5 CM-2 Baseline Configuration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R5 CM-2 NIST_SP_800-53_R5_CM-2 NIST SP 800-53 Rev. 5 CM-2 Baseline Configuration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance NIST_SP_800-53_R5 CM-2 NIST_SP_800-53_R5_CM-2 NIST SP 800-53 Rev. 5 CM-2 Baseline Configuration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-53_R5 CM-2 NIST_SP_800-53_R5_CM-2 NIST SP 800-53 Rev. 5 CM-2 Baseline Configuration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-53_R5 CM-2(2) NIST_SP_800-53_R5_CM-2(2) NIST SP 800-53 Rev. 5 CM-2 (2) Automation Support for Accuracy and Currency NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-53_R5 CM-2(2) NIST_SP_800-53_R5_CM-2(2) NIST SP 800-53 Rev. 5 CM-2 (2) Automation Support for Accuracy and Currency NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance NIST_SP_800-53_R5 CM-2(2) NIST_SP_800-53_R5_CM-2(2) NIST SP 800-53 Rev. 5 CM-2 (2) Automation Support for Accuracy and Currency NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R5 CM-2(2) NIST_SP_800-53_R5_CM-2(2) NIST SP 800-53 Rev. 5 CM-2 (2) Automation Support for Accuracy and Currency NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-53_R5 CM-2(2) NIST_SP_800-53_R5_CM-2(2) NIST SP 800-53 Rev. 5 CM-2 (2) Automation Support for Accuracy and Currency NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance NIST_SP_800-53_R5 CM-2(2) NIST_SP_800-53_R5_CM-2(2) NIST SP 800-53 Rev. 5 CM-2 (2) Automation Support for Accuracy and Currency NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance NIST_SP_800-53_R5 CM-2(3) NIST_SP_800-53_R5_CM-2(3) NIST SP 800-53 Rev. 5 CM-2 (3) Retention of Previous Configurations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance NIST_SP_800-53_R5 CM-2(7) NIST_SP_800-53_R5_CM-2(7) NIST SP 800-53 Rev. 5 CM-2 (7) Configure Systems and Components for High-risk Areas NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance NIST_SP_800-53_R5 CM-2(7) NIST_SP_800-53_R5_CM-2(7) NIST SP 800-53 Rev. 5 CM-2 (7) Configure Systems and Components for High-risk Areas NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-53_R5 CM-3 NIST_SP_800-53_R5_CM-3 NIST SP 800-53 Rev. 5 CM-3 Configuration Change Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance NIST_SP_800-53_R5 CM-3(1) NIST_SP_800-53_R5_CM-3(1) NIST SP 800-53 Rev. 5 CM-3 (1) Automated Documentation, Notification, and Prohibition of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance NIST_SP_800-53_R5 CM-3(1) NIST_SP_800-53_R5_CM-3(1) NIST SP 800-53 Rev. 5 CM-3 (1) Automated Documentation, Notification, and Prohibition of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance NIST_SP_800-53_R5 CM-3(1) NIST_SP_800-53_R5_CM-3(1) NIST SP 800-53 Rev. 5 CM-3 (1) Automated Documentation, Notification, and Prohibition of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance NIST_SP_800-53_R5 CM-3(1) NIST_SP_800-53_R5_CM-3(1) NIST SP 800-53 Rev. 5 CM-3 (1) Automated Documentation, Notification, and Prohibition of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance NIST_SP_800-53_R5 CM-3(1) NIST_SP_800-53_R5_CM-3(1) NIST SP 800-53 Rev. 5 CM-3 (1) Automated Documentation, Notification, and Prohibition of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance NIST_SP_800-53_R5 CM-3(1) NIST_SP_800-53_R5_CM-3(1) NIST SP 800-53 Rev. 5 CM-3 (1) Automated Documentation, Notification, and Prohibition of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R5 CM-3(2) NIST_SP_800-53_R5_CM-3(2) NIST SP 800-53 Rev. 5 CM-3 (2) Testing, Validation, and Documentation of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R5 CM-3(2) NIST_SP_800-53_R5_CM-3(2) NIST SP 800-53 Rev. 5 CM-3 (2) Testing, Validation, and Documentation of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R5 CM-3(2) NIST_SP_800-53_R5_CM-3(2) NIST SP 800-53 Rev. 5 CM-3 (2) Testing, Validation, and Documentation of Changes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6abdf7c7-362b-3f35-099e-533ed50988f9 Assign information security representative to change control Regulatory Compliance NIST_SP_800-53_R5 CM-3(4) NIST_SP_800-53_R5_CM-3(4) NIST SP 800-53 Rev. 5 CM-3 (4) Security and Privacy Representatives NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance NIST_SP_800-53_R5 CM-3(6) NIST_SP_800-53_R5_CM-3(6) NIST SP 800-53 Rev. 5 CM-3 (6) Cryptography Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-53_R5 CM-4 NIST_SP_800-53_R5_CM-4 NIST SP 800-53 Rev. 5 CM-4 Impact Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance NIST_SP_800-53_R5 CM-4(1) NIST_SP_800-53_R5_CM-4(1) NIST SP 800-53 Rev. 5 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance NIST_SP_800-53_R5 CM-4(1) NIST_SP_800-53_R5_CM-4(1) NIST SP 800-53 Rev. 5 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance NIST_SP_800-53_R5 CM-4(1) NIST_SP_800-53_R5_CM-4(1) NIST SP 800-53 Rev. 5 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R5 CM-4(1) NIST_SP_800-53_R5_CM-4(1) NIST SP 800-53 Rev. 5 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance NIST_SP_800-53_R5 CM-4(1) NIST_SP_800-53_R5_CM-4(1) NIST SP 800-53 Rev. 5 CM-4 (1) Separate Test Environments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance NIST_SP_800-53_R5 CM-5 NIST_SP_800-53_R5_CM-5 NIST SP 800-53 Rev. 5 CM-5 Access Restrictions for Change NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance NIST_SP_800-53_R5 CM-5(1) NIST_SP_800-53_R5_CM-5(1) NIST SP 800-53 Rev. 5 CM-5 (1) Automated Access Enforcement and Audit Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance NIST_SP_800-53_R5 CM-5(5) NIST_SP_800-53_R5_CM-5(5) NIST SP 800-53 Rev. 5 CM-5 (5) Privilege Limitation for Production and Operation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance NIST_SP_800-53_R5 CM-5(5) NIST_SP_800-53_R5_CM-5(5) NIST SP 800-53 Rev. 5 CM-5 (5) Privilege Limitation for Production and Operation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NIST_SP_800-53_R5 CM-6 NIST_SP_800-53_R5_CM-6 NIST SP 800-53 Rev. 5 CM-6 Configuration Settings NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance NIST_SP_800-53_R5 CM-6(1) NIST_SP_800-53_R5_CM-6(1) NIST SP 800-53 Rev. 5 CM-6 (1) Automated Management, Application, and Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance NIST_SP_800-53_R5 CM-6(1) NIST_SP_800-53_R5_CM-6(1) NIST SP 800-53 Rev. 5 CM-6 (1) Automated Management, Application, and Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance NIST_SP_800-53_R5 CM-6(1) NIST_SP_800-53_R5_CM-6(1) NIST SP 800-53 Rev. 5 CM-6 (1) Automated Management, Application, and Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-53_R5 CM-7 NIST_SP_800-53_R5_CM-7 NIST SP 800-53 Rev. 5 CM-7 Least Functionality NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-53_R5 CM-7 NIST_SP_800-53_R5_CM-7 NIST SP 800-53 Rev. 5 CM-7 Least Functionality NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 CM-7 NIST_SP_800-53_R5_CM-7 NIST SP 800-53 Rev. 5 CM-7 Least Functionality NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-53_R5 CM-7(2) NIST_SP_800-53_R5_CM-7(2) NIST SP 800-53 Rev. 5 CM-7 (2) Prevent Program Execution NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-53_R5 CM-7(2) NIST_SP_800-53_R5_CM-7(2) NIST SP 800-53 Rev. 5 CM-7 (2) Prevent Program Execution NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NIST_SP_800-53_R5 CM-7(5) NIST_SP_800-53_R5_CM-7(5) NIST SP 800-53 Rev. 5 CM-7 (5) Authorized Software - Allow-by-exception NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NIST_SP_800-53_R5 CM-7(5) NIST_SP_800-53_R5_CM-7(5) NIST SP 800-53 Rev. 5 CM-7 (5) Authorized Software - Allow-by-exception NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance NIST_SP_800-53_R5 CM-8 NIST_SP_800-53_R5_CM-8 NIST SP 800-53 Rev. 5 CM-8 System Component Inventory NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-53_R5 CM-8 NIST_SP_800-53_R5_CM-8 NIST SP 800-53 Rev. 5 CM-8 System Component Inventory NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance NIST_SP_800-53_R5 CM-8(1) NIST_SP_800-53_R5_CM-8(1) NIST SP 800-53 Rev. 5 CM-8 (1) Updates During Installation and Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-53_R5 CM-8(1) NIST_SP_800-53_R5_CM-8(1) NIST SP 800-53 Rev. 5 CM-8 (1) Updates During Installation and Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance NIST_SP_800-53_R5 CM-8(3) NIST_SP_800-53_R5_CM-8(3) NIST SP 800-53 Rev. 5 CM-8 (3) Automated Unauthorized Component Detection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance NIST_SP_800-53_R5 CM-8(3) NIST_SP_800-53_R5_CM-8(3) NIST SP 800-53 Rev. 5 CM-8 (3) Automated Unauthorized Component Detection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance NIST_SP_800-53_R5 CM-8(4) NIST_SP_800-53_R5_CM-8(4) NIST SP 800-53 Rev. 5 CM-8 (4) Accountability Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance NIST_SP_800-53_R5 CM-8(4) NIST_SP_800-53_R5_CM-8(4) NIST SP 800-53 Rev. 5 CM-8 (4) Accountability Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance NIST_SP_800-53_R5 CM-9 NIST_SP_800-53_R5_CM-9 NIST SP 800-53 Rev. 5 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance NIST_SP_800-53_R5 CM-9 NIST_SP_800-53_R5_CM-9 NIST SP 800-53 Rev. 5 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance NIST_SP_800-53_R5 CM-9 NIST_SP_800-53_R5_CM-9 NIST SP 800-53 Rev. 5 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance NIST_SP_800-53_R5 CM-9 NIST_SP_800-53_R5_CM-9 NIST SP 800-53 Rev. 5 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance NIST_SP_800-53_R5 CM-9 NIST_SP_800-53_R5_CM-9 NIST SP 800-53 Rev. 5 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance NIST_SP_800-53_R5 CM-9 NIST_SP_800-53_R5_CM-9 NIST SP 800-53 Rev. 5 CM-9 Configuration Management Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance NIST_SP_800-53_R5 CP-1 NIST_SP_800-53_R5_CP-1 NIST SP 800-53 Rev. 5 CP-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance NIST_SP_800-53_R5 CP-10 NIST_SP_800-53_R5_CP-10 NIST SP 800-53 Rev. 5 CP-10 System Recovery and Reconstitution NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance NIST_SP_800-53_R5 CP-10(2) NIST_SP_800-53_R5_CP-10(2) NIST SP 800-53 Rev. 5 CP-10 (2) Transaction Recovery NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f801d58e-5659-9a4a-6e8d-02c9334732e5 Restore resources to operational state Regulatory Compliance NIST_SP_800-53_R5 CP-10(4) NIST_SP_800-53_R5_CP-10(4) NIST SP 800-53 Rev. 5 CP-10 (4) Restore Within Time Period NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance NIST_SP_800-53_R5 CP-2 NIST_SP_800-53_R5_CP-2 NIST SP 800-53 Rev. 5 CP-2 Contingency Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R5 CP-2(1) NIST_SP_800-53_R5_CP-2(1) NIST SP 800-53 Rev. 5 CP-2 (1) Coordinate with Related Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance NIST_SP_800-53_R5 CP-2(2) NIST_SP_800-53_R5_CP-2(2) NIST SP 800-53 Rev. 5 CP-2 (2) Capacity Planning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance NIST_SP_800-53_R5 CP-2(3) NIST_SP_800-53_R5_CP-2(3) NIST SP 800-53 Rev. 5 CP-2 (3) Resume Mission and Business Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance NIST_SP_800-53_R5 CP-2(5) NIST_SP_800-53_R5_CP-2(5) NIST SP 800-53 Rev. 5 CP-2 (5) Continue Mission and Business Functions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cb8841d4-9d13-7292-1d06-ba4d68384681 Perform a business impact assessment and application criticality assessment Regulatory Compliance NIST_SP_800-53_R5 CP-2(8) NIST_SP_800-53_R5_CP-2(8) NIST SP 800-53 Rev. 5 CP-2 (8) Identify Critical Assets NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance NIST_SP_800-53_R5 CP-3 NIST_SP_800-53_R5_CP-3 NIST SP 800-53 Rev. 5 CP-3 Contingency Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance NIST_SP_800-53_R5 CP-3(1) NIST_SP_800-53_R5_CP-3(1) NIST SP 800-53 Rev. 5 CP-3 (1) Simulated Events NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance NIST_SP_800-53_R5 CP-4 NIST_SP_800-53_R5_CP-4 NIST SP 800-53 Rev. 5 CP-4 Contingency Plan Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance NIST_SP_800-53_R5 CP-4 NIST_SP_800-53_R5_CP-4 NIST SP 800-53 Rev. 5 CP-4 Contingency Plan Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance NIST_SP_800-53_R5 CP-4 NIST_SP_800-53_R5_CP-4 NIST SP 800-53 Rev. 5 CP-4 Contingency Plan Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R5 CP-4(1) NIST_SP_800-53_R5_CP-4(1) NIST SP 800-53 Rev. 5 CP-4 (1) Coordinate with Related Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
60442979-6333-85f0-84c5-b887bac67448 Evaluate alternate processing site capabilities Regulatory Compliance NIST_SP_800-53_R5 CP-4(2) NIST_SP_800-53_R5_CP-4(2) NIST SP 800-53 Rev. 5 CP-4 (2) Alternate Processing Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance NIST_SP_800-53_R5 CP-4(2) NIST_SP_800-53_R5_CP-4(2) NIST SP 800-53 Rev. 5 CP-4 (2) Alternate Processing Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance NIST_SP_800-53_R5 CP-6 NIST_SP_800-53_R5_CP-6 NIST SP 800-53 Rev. 5 CP-6 Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R5 CP-6(1) NIST_SP_800-53_R5_CP-6(1) NIST SP 800-53 Rev. 5 CP-6 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage NIST_SP_800-53_R5 CP-6(1) NIST_SP_800-53_R5_CP-6(1) NIST SP 800-53 Rev. 5 CP-6 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R5 CP-6(1) NIST_SP_800-53_R5_CP-6(1) NIST SP 800-53 Rev. 5 CP-6 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance NIST_SP_800-53_R5 CP-6(1) NIST_SP_800-53_R5_CP-6(1) NIST SP 800-53 Rev. 5 CP-6 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL NIST_SP_800-53_R5 CP-6(1) NIST_SP_800-53_R5_CP-6(1) NIST SP 800-53 Rev. 5 CP-6 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R5 CP-6(1) NIST_SP_800-53_R5_CP-6(1) NIST SP 800-53 Rev. 5 CP-6 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations Regulatory Compliance NIST_SP_800-53_R5 CP-6(2) NIST_SP_800-53_R5_CP-6(2) NIST SP 800-53 Rev. 5 CP-6 (2) Recovery Time and Recovery Point Objectives NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance NIST_SP_800-53_R5 CP-6(3) NIST_SP_800-53_R5_CP-6(3) NIST SP 800-53 Rev. 5 CP-6 (3) Accessibility NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NIST_SP_800-53_R5 CP-7 NIST_SP_800-53_R5_CP-7 NIST SP 800-53 Rev. 5 CP-7 Alternate Processing Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R5 CP-7 NIST_SP_800-53_R5_CP-7 NIST SP 800-53 Rev. 5 CP-7 Alternate Processing Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R5 CP-7(1) NIST_SP_800-53_R5_CP-7(1) NIST SP 800-53 Rev. 5 CP-7 (1) Separation from Primary Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R5 CP-7(2) NIST_SP_800-53_R5_CP-7(2) NIST SP 800-53 Rev. 5 CP-7 (2) Accessibility NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance NIST_SP_800-53_R5 CP-7(3) NIST_SP_800-53_R5_CP-7(3) NIST SP 800-53 Rev. 5 CP-7 (3) Priority of Service NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance NIST_SP_800-53_R5 CP-7(3) NIST_SP_800-53_R5_CP-7(3) NIST SP 800-53 Rev. 5 CP-7 (3) Priority of Service NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0f31d98d-5ce2-705b-4aa5-b4f6705110dd Prepare alternate processing site for use as operational site Regulatory Compliance NIST_SP_800-53_R5 CP-7(4) NIST_SP_800-53_R5_CP-7(4) NIST SP 800-53 Rev. 5 CP-7 (4) Preparation for Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance NIST_SP_800-53_R5 CP-8(1) NIST_SP_800-53_R5_CP-8(1) NIST SP 800-53 Rev. 5 CP-8 (1) Priority of Service Provisions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 CP-9 NIST_SP_800-53_R5_CP-9 NIST SP 800-53 Rev. 5 CP-9 System Backup NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance NIST_SP_800-53_R5 CP-9(3) NIST_SP_800-53_R5_CP-9(3) NIST SP 800-53 Rev. 5 CP-9 (3) Separate Storage for Critical Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance NIST_SP_800-53_R5 CP-9(5) NIST_SP_800-53_R5_CP-9(5) NIST SP 800-53 Rev. 5 CP-9 (5) Transfer to Alternate Storage Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance NIST_SP_800-53_R5 IA-1 NIST_SP_800-53_R5_IA-1 NIST SP 800-53 Rev. 5 IA-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance NIST_SP_800-53_R5 IA-2 NIST_SP_800-53_R5_IA-2 NIST SP 800-53 Rev. 5 IA-2 Identification and Authentication (organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R5 IA-2(1) NIST_SP_800-53_R5_IA-2(1) NIST SP 800-53 Rev. 5 IA-2 (1) Multi-factor Authentication to Privileged Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R5 IA-2(1) NIST_SP_800-53_R5_IA-2(1) NIST SP 800-53 Rev. 5 IA-2 (1) Multi-factor Authentication to Privileged Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-53_R5 IA-2(1) NIST_SP_800-53_R5_IA-2(1) NIST SP 800-53 Rev. 5 IA-2 (1) Multi-factor Authentication to Privileged Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance NIST_SP_800-53_R5 IA-2(12) NIST_SP_800-53_R5_IA-2(12) NIST SP 800-53 Rev. 5 IA-2 (12) Acceptance of PIV Credentials NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center NIST_SP_800-53_R5 IA-2(2) NIST_SP_800-53_R5_IA-2(2) NIST SP 800-53 Rev. 5 IA-2 (2) Multi-factor Authentication to Non-privileged Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance NIST_SP_800-53_R5 IA-2(2) NIST_SP_800-53_R5_IA-2(2) NIST SP 800-53 Rev. 5 IA-2 (2) Multi-factor Authentication to Non-privileged Accounts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-2(5) NIST_SP_800-53_R5_IA-2(5) NIST SP 800-53 Rev. 5 IA-2 (5) Individual Authentication with Group Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NIST_SP_800-53_R5 IA-4 NIST_SP_800-53_R5_IA-4 NIST SP 800-53 Rev. 5 IA-4 Identifier Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca748dfe-3e28-1d18-4221-89aea30aa0a5 Identify status of individual users Regulatory Compliance NIST_SP_800-53_R5 IA-4(4) NIST_SP_800-53_R5_IA-4(4) NIST SP 800-53 Rev. 5 IA-4 (4) Identify User Status NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-53_R5 IA-5 NIST_SP_800-53_R5_IA-5 NIST SP 800-53 Rev. 5 IA-5 Authenticator Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration NIST_SP_800-53_R5 IA-5(1) NIST_SP_800-53_R5_IA-5(1) NIST SP 800-53 Rev. 5 IA-5 (1) Password-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c7e8ddc1-14aa-1814-7fe1-aad1742b27da Enforce expiration of cached authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5(13) NIST_SP_800-53_R5_IA-5(13) NIST SP 800-53 Rev. 5 IA-5 (13) Expiration of Cached Authenticators NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4012c2b7-4e0e-a7ab-1688-4aab43f14420 Map authenticated identities to individuals Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0065241c-72e9-3b2c-556f-75de66332a94 Establish parameters for searching secret authenticators and verifiers Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6f311b49-9b0d-8c67-3d6e-db80ae528173 Bind authenticators and identities dynamically Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5(2) NIST_SP_800-53_R5_IA-5(2) NIST SP 800-53 Rev. 5 IA-5 (2) Public Key-based Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5(6) NIST_SP_800-53_R5_IA-5(6) NIST SP 800-53 Rev. 5 IA-5 (6) Protection of Authenticators NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eda0cbb7-6043-05bf-645b-67411f1a59b3 Ensure there are no unencrypted static authenticators Regulatory Compliance NIST_SP_800-53_R5 IA-5(7) NIST_SP_800-53_R5_IA-5(7) NIST SP 800-53 Rev. 5 IA-5 (7) No Embedded Unencrypted Static Authenticators NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance NIST_SP_800-53_R5 IA-6 NIST_SP_800-53_R5_IA-6 NIST SP 800-53 Rev. 5 IA-6 Authentication Feedback NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance NIST_SP_800-53_R5 IA-7 NIST_SP_800-53_R5_IA-7 NIST SP 800-53 Rev. 5 IA-7 Cryptographic Module Authentication NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance NIST_SP_800-53_R5 IA-8 NIST_SP_800-53_R5_IA-8 NIST SP 800-53 Rev. 5 IA-8 Identification and Authentication (non-organizational Users) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55be3260-a7a2-3c06-7fe6-072d07525ab7 Accept PIV credentials Regulatory Compliance NIST_SP_800-53_R5 IA-8(1) NIST_SP_800-53_R5_IA-8(1) NIST SP 800-53 Rev. 5 IA-8 (1) Acceptance of PIV Credentials from Other Agencies NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2d2ca910-7957-23ee-2945-33f401606efc Accept only FICAM-approved third-party credentials Regulatory Compliance NIST_SP_800-53_R5 IA-8(2) NIST_SP_800-53_R5_IA-8(2) NIST SP 800-53 Rev. 5 IA-8 (2) Acceptance of External Authenticators NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a8df9c78-4044-98be-2c05-31a315ac8957 Conform to FICAM-issued profiles Regulatory Compliance NIST_SP_800-53_R5 IA-8(4) NIST_SP_800-53_R5_IA-8(4) NIST SP 800-53 Rev. 5 IA-8 (4) Use of Defined Profiles NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance NIST_SP_800-53_R5 IR-1 NIST_SP_800-53_R5_IR-1 NIST SP 800-53 Rev. 5 IR-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance NIST_SP_800-53_R5 IR-2 NIST_SP_800-53_R5_IR-2 NIST SP 800-53 Rev. 5 IR-2 Incident Response Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance NIST_SP_800-53_R5 IR-2(1) NIST_SP_800-53_R5_IR-2(1) NIST SP 800-53 Rev. 5 IR-2 (1) Simulated Events NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Employ automated training environment Regulatory Compliance NIST_SP_800-53_R5 IR-2(2) NIST_SP_800-53_R5_IR-2(2) NIST SP 800-53 Rev. 5 IR-2 (2) Automated Training Environments NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-53_R5 IR-3 NIST_SP_800-53_R5_IR-3 NIST SP 800-53 Rev. 5 IR-3 Incident Response Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance NIST_SP_800-53_R5 IR-3 NIST_SP_800-53_R5_IR-3 NIST SP 800-53 Rev. 5 IR-3 Incident Response Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance NIST_SP_800-53_R5 IR-3 NIST_SP_800-53_R5_IR-3 NIST SP 800-53 Rev. 5 IR-3 Incident Response Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance NIST_SP_800-53_R5 IR-3(2) NIST_SP_800-53_R5_IR-3(2) NIST SP 800-53 Rev. 5 IR-3 (2) Coordination with Related Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance NIST_SP_800-53_R5 IR-3(2) NIST_SP_800-53_R5_IR-3(2) NIST SP 800-53 Rev. 5 IR-3 (2) Coordination with Related Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-53_R5 IR-3(2) NIST_SP_800-53_R5_IR-3(2) NIST SP 800-53 Rev. 5 IR-3 (2) Coordination with Related Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 IR-4 NIST_SP_800-53_R5_IR-4 NIST SP 800-53 Rev. 5 IR-4 Incident Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-4(1) NIST_SP_800-53_R5_IR-4(1) NIST SP 800-53 Rev. 5 IR-4 (1) Automated Incident Handling Processes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-53_R5 IR-4(1) NIST_SP_800-53_R5_IR-4(1) NIST SP 800-53 Rev. 5 IR-4 (1) Automated Incident Handling Processes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R5 IR-4(1) NIST_SP_800-53_R5_IR-4(1) NIST SP 800-53 Rev. 5 IR-4 (1) Automated Incident Handling Processes NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1e0d5ba8-a433-01aa-829c-86b06c9631ec Include dynamic reconfig of customer deployed resources Regulatory Compliance NIST_SP_800-53_R5 IR-4(2) NIST_SP_800-53_R5_IR-4(2) NIST SP 800-53 Rev. 5 IR-4 (2) Dynamic Reconfiguration NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance NIST_SP_800-53_R5 IR-4(3) NIST_SP_800-53_R5_IR-4(3) NIST SP 800-53 Rev. 5 IR-4 (3) Continuity of Operations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R5 IR-4(4) NIST_SP_800-53_R5_IR-4(4) NIST SP 800-53 Rev. 5 IR-4 (4) Information Correlation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance NIST_SP_800-53_R5 IR-4(6) NIST_SP_800-53_R5_IR-4(6) NIST SP 800-53 Rev. 5 IR-4 (6) Insider Threats NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective Regulatory Compliance NIST_SP_800-53_R5 IR-4(8) NIST_SP_800-53_R5_IR-4(8) NIST SP 800-53 Rev. 5 IR-4 (8) Correlation with External Organizations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 IR-5 NIST_SP_800-53_R5_IR-5 NIST SP 800-53 Rev. 5 IR-5 Incident Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-53_R5 IR-6(1) NIST_SP_800-53_R5_IR-6(1) NIST SP 800-53 Rev. 5 IR-6 (1) Automated Reporting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R5 IR-6(2) NIST_SP_800-53_R5_IR-6(2) NIST SP 800-53 Rev. 5 IR-6 (2) Vulnerabilities Related to Incidents NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 IR-6(2) NIST_SP_800-53_R5_IR-6(2) NIST SP 800-53 Rev. 5 IR-6 (2) Vulnerabilities Related to Incidents NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 IR-6(2) NIST_SP_800-53_R5_IR-6(2) NIST SP 800-53 Rev. 5 IR-6 (2) Vulnerabilities Related to Incidents NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-53_R5 IR-7 NIST_SP_800-53_R5_IR-7 NIST SP 800-53 Rev. 5 IR-7 Incident Response Assistance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-53_R5 IR-7(1) NIST_SP_800-53_R5_IR-7(1) NIST SP 800-53 Rev. 5 IR-7 (1) Automation Support for Availability of Information and Support NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance NIST_SP_800-53_R5 IR-7(2) NIST_SP_800-53_R5_IR-7(2) NIST SP 800-53 Rev. 5 IR-7 (2) Coordination with External Providers NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance NIST_SP_800-53_R5 IR-7(2) NIST_SP_800-53_R5_IR-7(2) NIST SP 800-53 Rev. 5 IR-7 (2) Coordination with External Providers NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-8 NIST_SP_800-53_R5_IR-8 NIST SP 800-53 Rev. 5 IR-8 Incident Response Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-8 NIST_SP_800-53_R5_IR-8 NIST SP 800-53 Rev. 5 IR-8 Incident Response Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance NIST_SP_800-53_R5 IR-8 NIST_SP_800-53_R5_IR-8 NIST SP 800-53 Rev. 5 IR-8 Incident Response Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-8 NIST_SP_800-53_R5_IR-8 NIST SP 800-53 Rev. 5 IR-8 Incident Response Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance NIST_SP_800-53_R5 IR-8 NIST_SP_800-53_R5_IR-8 NIST SP 800-53 Rev. 5 IR-8 Incident Response Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance NIST_SP_800-53_R5 IR-8 NIST_SP_800-53_R5_IR-8 NIST SP 800-53 Rev. 5 IR-8 Incident Response Plan NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
69d90ee6-9f9f-262a-2038-d909fb4e5723 Identify spilled information Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
279052a0-8238-694d-9661-bf649f951747 Identify contaminated systems and components Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22457e81-3ec6-5271-a786-c3ca284601dd Isolate information spills Regulatory Compliance NIST_SP_800-53_R5 IR-9 NIST_SP_800-53_R5_IR-9 NIST SP 800-53 Rev. 5 IR-9 Information Spillage Response NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance NIST_SP_800-53_R5 IR-9(2) NIST_SP_800-53_R5_IR-9(2) NIST SP 800-53 Rev. 5 IR-9 (2) Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bb048641-6017-7272-7772-a008f285a520 Develop spillage response procedures Regulatory Compliance NIST_SP_800-53_R5 IR-9(3) NIST_SP_800-53_R5_IR-9(3) NIST SP 800-53 Rev. 5 IR-9 (3) Post-spill Operations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance NIST_SP_800-53_R5 IR-9(4) NIST_SP_800-53_R5_IR-9(4) NIST SP 800-53 Rev. 5 IR-9 (4) Exposure to Unauthorized Personnel NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance NIST_SP_800-53_R5 MA-1 NIST_SP_800-53_R5_MA-1 NIST SP 800-53 Rev. 5 MA-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MA-2 NIST_SP_800-53_R5_MA-2 NIST SP 800-53 Rev. 5 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R5 MA-2 NIST_SP_800-53_R5_MA-2 NIST SP 800-53 Rev. 5 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MA-2 NIST_SP_800-53_R5_MA-2 NIST SP 800-53 Rev. 5 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R5 MA-2 NIST_SP_800-53_R5_MA-2 NIST SP 800-53 Rev. 5 MA-2 Controlled Maintenance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance NIST_SP_800-53_R5 MA-2(2) NIST_SP_800-53_R5_MA-2(2) NIST SP 800-53 Rev. 5 MA-2 (2) Automated Maintenance Activities NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance NIST_SP_800-53_R5 MA-2(2) NIST_SP_800-53_R5_MA-2(2) NIST SP 800-53 Rev. 5 MA-2 (2) Automated Maintenance Activities NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R5 MA-3 NIST_SP_800-53_R5_MA-3 NIST SP 800-53 Rev. 5 MA-3 Maintenance Tools NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R5 MA-3 NIST_SP_800-53_R5_MA-3 NIST SP 800-53 Rev. 5 MA-3 Maintenance Tools NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R5 MA-3(1) NIST_SP_800-53_R5_MA-3(1) NIST SP 800-53 Rev. 5 MA-3 (1) Inspect Tools NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R5 MA-3(1) NIST_SP_800-53_R5_MA-3(1) NIST SP 800-53 Rev. 5 MA-3 (1) Inspect Tools NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R5 MA-3(2) NIST_SP_800-53_R5_MA-3(2) NIST SP 800-53 Rev. 5 MA-3 (2) Inspect Media NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R5 MA-3(2) NIST_SP_800-53_R5_MA-3(2) NIST SP 800-53 Rev. 5 MA-3 (2) Inspect Media NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R5 MA-3(3) NIST_SP_800-53_R5_MA-3(3) NIST SP 800-53 Rev. 5 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MA-3(3) NIST_SP_800-53_R5_MA-3(3) NIST SP 800-53 Rev. 5 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MA-3(3) NIST_SP_800-53_R5_MA-3(3) NIST SP 800-53 Rev. 5 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance NIST_SP_800-53_R5 MA-3(3) NIST_SP_800-53_R5_MA-3(3) NIST SP 800-53 Rev. 5 MA-3 (3) Prevent Unauthorized Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance NIST_SP_800-53_R5 MA-4 NIST_SP_800-53_R5_MA-4 NIST SP 800-53 Rev. 5 MA-4 Nonlocal Maintenance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5bac5fb7-7735-357b-767d-02264bfe5c3b Perform all non-local maintenance Regulatory Compliance NIST_SP_800-53_R5 MA-4(3) NIST_SP_800-53_R5_MA-4(3) NIST SP 800-53 Rev. 5 MA-4 (3) Comparable Security and Sanitization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms Regulatory Compliance NIST_SP_800-53_R5 MA-4(6) NIST_SP_800-53_R5_MA-4(6) NIST SP 800-53 Rev. 5 MA-4 (6) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7a489c62-242c-5db9-74df-c073056d6fa3 Designate personnel to supervise unauthorized maintenance activities Regulatory Compliance NIST_SP_800-53_R5 MA-5 NIST_SP_800-53_R5_MA-5 NIST SP 800-53 Rev. 5 MA-5 Maintenance Personnel NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4ce91e4e-6dab-3c46-011a-aa14ae1561bf Maintain list of authorized remote maintenance personnel Regulatory Compliance NIST_SP_800-53_R5 MA-5 NIST_SP_800-53_R5_MA-5 NIST SP 800-53 Rev. 5 MA-5 Maintenance Personnel NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Manage maintenance personnel Regulatory Compliance NIST_SP_800-53_R5 MA-5 NIST_SP_800-53_R5_MA-5 NIST SP 800-53 Rev. 5 MA-5 Maintenance Personnel NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MA-5(1) NIST_SP_800-53_R5_MA-5(1) NIST SP 800-53 Rev. 5 MA-5 (1) Individuals Without Appropriate Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MA-5(1) NIST_SP_800-53_R5_MA-5(1) NIST SP 800-53 Rev. 5 MA-5 (1) Individuals Without Appropriate Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance NIST_SP_800-53_R5 MA-6 NIST_SP_800-53_R5_MA-6 NIST SP 800-53 Rev. 5 MA-6 Timely Maintenance NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance NIST_SP_800-53_R5 MP-1 NIST_SP_800-53_R5_MP-1 NIST SP 800-53 Rev. 5 MP-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-2 NIST_SP_800-53_R5_MP-2 NIST SP 800-53 Rev. 5 MP-2 Media Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-3 NIST_SP_800-53_R5_MP-3 NIST SP 800-53 Rev. 5 MP-3 Media Marking NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-4 NIST_SP_800-53_R5_MP-4 NIST SP 800-53 Rev. 5 MP-4 Media Storage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MP-4 NIST_SP_800-53_R5_MP-4 NIST SP 800-53 Rev. 5 MP-4 Media Storage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-53_R5 MP-5 NIST_SP_800-53_R5_MP-5 NIST SP 800-53 Rev. 5 MP-5 Media Transport NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-5 NIST_SP_800-53_R5_MP-5 NIST SP 800-53 Rev. 5 MP-5 Media Transport NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MP-6 NIST_SP_800-53_R5_MP-6 NIST SP 800-53 Rev. 5 MP-6 Media Sanitization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-6 NIST_SP_800-53_R5_MP-6 NIST SP 800-53 Rev. 5 MP-6 Media Sanitization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MP-6(1) NIST_SP_800-53_R5_MP-6(1) NIST SP 800-53 Rev. 5 MP-6 (1) Review, Approve, Track, Document, and Verify NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-6(1) NIST_SP_800-53_R5_MP-6(1) NIST SP 800-53 Rev. 5 MP-6 (1) Review, Approve, Track, Document, and Verify NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance NIST_SP_800-53_R5 MP-6(2) NIST_SP_800-53_R5_MP-6(2) NIST SP 800-53 Rev. 5 MP-6 (2) Equipment Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-6(2) NIST_SP_800-53_R5_MP-6(2) NIST SP 800-53 Rev. 5 MP-6 (2) Equipment Testing NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R5 MP-7 NIST_SP_800-53_R5_MP-7 NIST SP 800-53 Rev. 5 MP-7 Media Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance NIST_SP_800-53_R5 MP-7 NIST_SP_800-53_R5_MP-7 NIST SP 800-53 Rev. 5 MP-7 Media Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance NIST_SP_800-53_R5 MP-7 NIST_SP_800-53_R5_MP-7 NIST SP 800-53 Rev. 5 MP-7 Media Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 MP-7 NIST_SP_800-53_R5_MP-7 NIST SP 800-53 Rev. 5 MP-7 Media Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PE-1 NIST_SP_800-53_R5_PE-1 NIST SP 800-53 Rev. 5 PE-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance NIST_SP_800-53_R5 PE-12 NIST_SP_800-53_R5_PE-12 NIST SP 800-53 Rev. 5 PE-12 Emergency Lighting NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-13 NIST_SP_800-53_R5_PE-13 NIST SP 800-53 Rev. 5 PE-13 Fire Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-13(1) NIST_SP_800-53_R5_PE-13(1) NIST SP 800-53 Rev. 5 PE-13 (1) Detection Systems - Automatic Activation and Notification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance NIST_SP_800-53_R5 PE-13(1) NIST_SP_800-53_R5_PE-13(1) NIST SP 800-53 Rev. 5 PE-13 (1) Detection Systems - Automatic Activation and Notification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance NIST_SP_800-53_R5 PE-13(1) NIST_SP_800-53_R5_PE-13(1) NIST SP 800-53 Rev. 5 PE-13 (1) Detection Systems - Automatic Activation and Notification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-13(2) NIST_SP_800-53_R5_PE-13(2) NIST SP 800-53 Rev. 5 PE-13 (2) Suppression Systems - Automatic Activation and Notification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-14 NIST_SP_800-53_R5_PE-14 NIST SP 800-53 Rev. 5 PE-14 Environmental Controls NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-14(2) NIST_SP_800-53_R5_PE-14(2) NIST SP 800-53 Rev. 5 PE-14 (2) Monitoring with Alarms and Notifications NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance NIST_SP_800-53_R5 PE-14(2) NIST_SP_800-53_R5_PE-14(2) NIST SP 800-53 Rev. 5 PE-14 (2) Monitoring with Alarms and Notifications NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-15 NIST_SP_800-53_R5_PE-15 NIST SP 800-53 Rev. 5 PE-15 Water Damage Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance NIST_SP_800-53_R5 PE-16 NIST_SP_800-53_R5_PE-16 NIST SP 800-53 Rev. 5 PE-16 Delivery and Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
25a1f840-65d0-900a-43e4-bee253de04de Define requirements for managing assets Regulatory Compliance NIST_SP_800-53_R5 PE-16 NIST_SP_800-53_R5_PE-16 NIST SP 800-53 Rev. 5 PE-16 Delivery and Removal NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance NIST_SP_800-53_R5 PE-17 NIST_SP_800-53_R5_PE-17 NIST SP 800-53 Rev. 5 PE-17 Alternate Work Site NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-18 NIST_SP_800-53_R5_PE-18 NIST SP 800-53 Rev. 5 PE-18 Location of System Components NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R5 PE-2 NIST_SP_800-53_R5_PE-2 NIST SP 800-53 Rev. 5 PE-2 Physical Access Authorizations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R5 PE-3 NIST_SP_800-53_R5_PE-3 NIST SP 800-53 Rev. 5 PE-3 Physical Access Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance NIST_SP_800-53_R5 PE-3 NIST_SP_800-53_R5_PE-3 NIST SP 800-53 Rev. 5 PE-3 Physical Access Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance NIST_SP_800-53_R5 PE-3 NIST_SP_800-53_R5_PE-3 NIST SP 800-53 Rev. 5 PE-3 Physical Access Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-3 NIST_SP_800-53_R5_PE-3 NIST SP 800-53 Rev. 5 PE-3 Physical Access Control NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-4 NIST_SP_800-53_R5_PE-4 NIST SP 800-53 Rev. 5 PE-4 Access Control for Transmission NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R5 PE-4 NIST_SP_800-53_R5_PE-4 NIST SP 800-53 Rev. 5 PE-4 Access Control for Transmission NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R5 PE-5 NIST_SP_800-53_R5_PE-5 NIST SP 800-53 Rev. 5 PE-5 Access Control for Output Devices NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance NIST_SP_800-53_R5 PE-5 NIST_SP_800-53_R5_PE-5 NIST SP 800-53 Rev. 5 PE-5 Access Control for Output Devices NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-5 NIST_SP_800-53_R5_PE-5 NIST SP 800-53 Rev. 5 PE-5 Access Control for Output Devices NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance NIST_SP_800-53_R5 PE-6(1) NIST_SP_800-53_R5_PE-6(1) NIST SP 800-53 Rev. 5 PE-6 (1) Intrusion Alarms and Surveillance Equipment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance NIST_SP_800-53_R5 PE-6(1) NIST_SP_800-53_R5_PE-6(1) NIST SP 800-53 Rev. 5 PE-6 (1) Intrusion Alarms and Surveillance Equipment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R5 PE-8 NIST_SP_800-53_R5_PE-8 NIST SP 800-53 Rev. 5 PE-8 Visitor Access Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance NIST_SP_800-53_R5 PE-8 NIST_SP_800-53_R5_PE-8 NIST SP 800-53 Rev. 5 PE-8 Visitor Access Records NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PL-1 NIST_SP_800-53_R5_PL-1 NIST SP 800-53 Rev. 5 PL-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance NIST_SP_800-53_R5 PL-2 NIST_SP_800-53_R5_PL-2 NIST SP 800-53 Rev. 5 PL-2 System Security and Privacy Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance NIST_SP_800-53_R5 PL-2 NIST_SP_800-53_R5_PL-2 NIST SP 800-53 Rev. 5 PL-2 System Security and Privacy Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance NIST_SP_800-53_R5 PL-2 NIST_SP_800-53_R5_PL-2 NIST SP 800-53 Rev. 5 PL-2 System Security and Privacy Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance NIST_SP_800-53_R5 PL-2 NIST_SP_800-53_R5_PL-2 NIST SP 800-53 Rev. 5 PL-2 System Security and Privacy Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PL-2 NIST_SP_800-53_R5_PL-2 NIST SP 800-53 Rev. 5 PL-2 System Security and Privacy Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance NIST_SP_800-53_R5 PL-2 NIST_SP_800-53_R5_PL-2 NIST SP 800-53 Rev. 5 PL-2 System Security and Privacy Plans NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PL-4 NIST_SP_800-53_R5_PL-4 NIST SP 800-53 Rev. 5 PL-4 Rules of Behavior NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PL-4(1) NIST_SP_800-53_R5_PL-4(1) NIST SP 800-53 Rev. 5 PL-4 (1) Social Media and External Site/application Usage Restrictions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance NIST_SP_800-53_R5 PL-8 NIST_SP_800-53_R5_PL-8 NIST SP 800-53 Rev. 5 PL-8 Security and Privacy Architectures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance NIST_SP_800-53_R5 PL-8 NIST_SP_800-53_R5_PL-8 NIST SP 800-53 Rev. 5 PL-8 Security and Privacy Architectures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PS-1 NIST_SP_800-53_R5_PS-1 NIST SP 800-53 Rev. 5 PS-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations Regulatory Compliance NIST_SP_800-53_R5 PS-2 NIST_SP_800-53_R5_PS-2 NIST SP 800-53 Rev. 5 PS-2 Position Risk Designation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance NIST_SP_800-53_R5 PS-3 NIST_SP_800-53_R5_PS-3 NIST SP 800-53 Rev. 5 PS-3 Personnel Screening NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance NIST_SP_800-53_R5 PS-3 NIST_SP_800-53_R5_PS-3 NIST SP 800-53 Rev. 5 PS-3 Personnel Screening NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance NIST_SP_800-53_R5 PS-3 NIST_SP_800-53_R5_PS-3 NIST SP 800-53 Rev. 5 PS-3 Personnel Screening NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance NIST_SP_800-53_R5 PS-3(3) NIST_SP_800-53_R5_PS-3(3) NIST SP 800-53 Rev. 5 PS-3 (3) Information Requiring Special Protective Measures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance NIST_SP_800-53_R5 PS-4 NIST_SP_800-53_R5_PS-4 NIST SP 800-53 Rev. 5 PS-4 Personnel Termination NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance NIST_SP_800-53_R5 PS-4 NIST_SP_800-53_R5_PS-4 NIST SP 800-53 Rev. 5 PS-4 Personnel Termination NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance NIST_SP_800-53_R5 PS-4 NIST_SP_800-53_R5_PS-4 NIST SP 800-53 Rev. 5 PS-4 Personnel Termination NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance NIST_SP_800-53_R5 PS-4 NIST_SP_800-53_R5_PS-4 NIST SP 800-53 Rev. 5 PS-4 Personnel Termination NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance NIST_SP_800-53_R5 PS-4 NIST_SP_800-53_R5_PS-4 NIST SP 800-53 Rev. 5 PS-4 Personnel Termination NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
729c8708-2bec-093c-8427-2e87d2cd426d Automate notification of employee termination Regulatory Compliance NIST_SP_800-53_R5 PS-4(2) NIST_SP_800-53_R5_PS-4(2) NIST SP 800-53 Rev. 5 PS-4 (2) Automated Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance NIST_SP_800-53_R5 PS-5 NIST_SP_800-53_R5_PS-5 NIST SP 800-53 Rev. 5 PS-5 Personnel Transfer NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance NIST_SP_800-53_R5 PS-5 NIST_SP_800-53_R5_PS-5 NIST SP 800-53 Rev. 5 PS-5 Personnel Transfer NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance NIST_SP_800-53_R5 PS-5 NIST_SP_800-53_R5_PS-5 NIST SP 800-53 Rev. 5 PS-5 Personnel Transfer NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance NIST_SP_800-53_R5 PS-5 NIST_SP_800-53_R5_PS-5 NIST SP 800-53 Rev. 5 PS-5 Personnel Transfer NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance NIST_SP_800-53_R5 PS-6 NIST_SP_800-53_R5_PS-6 NIST SP 800-53 Rev. 5 PS-6 Access Agreements NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance NIST_SP_800-53_R5 PS-6 NIST_SP_800-53_R5_PS-6 NIST SP 800-53 Rev. 5 PS-6 Access Agreements NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance NIST_SP_800-53_R5 PS-6 NIST_SP_800-53_R5_PS-6 NIST SP 800-53 Rev. 5 PS-6 Access Agreements NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance NIST_SP_800-53_R5 PS-6 NIST_SP_800-53_R5_PS-6 NIST SP 800-53 Rev. 5 PS-6 Access Agreements NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance NIST_SP_800-53_R5 PS-6 NIST_SP_800-53_R5_PS-6 NIST SP 800-53 Rev. 5 PS-6 Access Agreements NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance NIST_SP_800-53_R5 PS-7 NIST_SP_800-53_R5_PS-7 NIST SP 800-53 Rev. 5 PS-7 External Personnel Security NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance NIST_SP_800-53_R5 PS-7 NIST_SP_800-53_R5_PS-7 NIST SP 800-53 Rev. 5 PS-7 External Personnel Security NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance NIST_SP_800-53_R5 PS-7 NIST_SP_800-53_R5_PS-7 NIST SP 800-53 Rev. 5 PS-7 External Personnel Security NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance NIST_SP_800-53_R5 PS-7 NIST_SP_800-53_R5_PS-7 NIST SP 800-53 Rev. 5 PS-7 External Personnel Security NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance NIST_SP_800-53_R5 PS-7 NIST_SP_800-53_R5_PS-7 NIST SP 800-53 Rev. 5 PS-7 External Personnel Security NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance NIST_SP_800-53_R5 PS-8 NIST_SP_800-53_R5_PS-8 NIST SP 800-53 Rev. 5 PS-8 Personnel Sanctions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance NIST_SP_800-53_R5 PS-8 NIST_SP_800-53_R5_PS-8 NIST SP 800-53 Rev. 5 PS-8 Personnel Sanctions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance NIST_SP_800-53_R5 RA-1 NIST_SP_800-53_R5_RA-1 NIST SP 800-53 Rev. 5 RA-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance NIST_SP_800-53_R5 RA-2 NIST_SP_800-53_R5_RA-2 NIST SP 800-53 Rev. 5 RA-2 Security Categorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance NIST_SP_800-53_R5 RA-2 NIST_SP_800-53_R5_RA-2 NIST SP 800-53 Rev. 5 RA-2 Security Categorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Ensure security categorization is approved Regulatory Compliance NIST_SP_800-53_R5 RA-2 NIST_SP_800-53_R5_RA-2 NIST SP 800-53 Rev. 5 RA-2 Security Categorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance NIST_SP_800-53_R5 RA-2 NIST_SP_800-53_R5_RA-2 NIST SP 800-53 Rev. 5 RA-2 Security Categorization NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance NIST_SP_800-53_R5 RA-3 NIST_SP_800-53_R5_RA-3 NIST SP 800-53 Rev. 5 RA-3 Risk Assessment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance NIST_SP_800-53_R5 RA-3 NIST_SP_800-53_R5_RA-3 NIST SP 800-53 Rev. 5 RA-3 Risk Assessment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance NIST_SP_800-53_R5 RA-3 NIST_SP_800-53_R5_RA-3 NIST SP 800-53 Rev. 5 RA-3 Risk Assessment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance NIST_SP_800-53_R5 RA-3 NIST_SP_800-53_R5_RA-3 NIST SP 800-53 Rev. 5 RA-3 Risk Assessment NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 RA-5 NIST_SP_800-53_R5_RA-5 NIST SP 800-53 Rev. 5 RA-5 Vulnerability Monitoring and Scanning NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance NIST_SP_800-53_R5 RA-5(10) NIST_SP_800-53_R5_RA-5(10) NIST SP 800-53 Rev. 5 RA-5 (10) Correlate Scanning Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 RA-5(2) NIST_SP_800-53_R5_RA-5(2) NIST SP 800-53 Rev. 5 RA-5 (2) Update Vulnerabilities to Be Scanned NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 RA-5(2) NIST_SP_800-53_R5_RA-5(2) NIST SP 800-53 Rev. 5 RA-5 (2) Update Vulnerabilities to Be Scanned NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 RA-5(3) NIST_SP_800-53_R5_RA-5(3) NIST SP 800-53 Rev. 5 RA-5 (3) Breadth and Depth of Coverage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 RA-5(3) NIST_SP_800-53_R5_RA-5(3) NIST SP 800-53 Rev. 5 RA-5 (3) Breadth and Depth of Coverage NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d25cbded-121e-0ed6-1857-dc698c9095b1 Take action in response to customer information Regulatory Compliance NIST_SP_800-53_R5 RA-5(4) NIST_SP_800-53_R5_RA-5(4) NIST SP 800-53 Rev. 5 RA-5 (4) Discoverable Information NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance NIST_SP_800-53_R5 RA-5(5) NIST_SP_800-53_R5_RA-5(5) NIST SP 800-53 Rev. 5 RA-5 (5) Privileged Access NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 RA-5(6) NIST_SP_800-53_R5_RA-5(6) NIST SP 800-53 Rev. 5 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R5 RA-5(6) NIST_SP_800-53_R5_RA-5(6) NIST SP 800-53 Rev. 5 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 RA-5(6) NIST_SP_800-53_R5_RA-5(6) NIST SP 800-53 Rev. 5 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance NIST_SP_800-53_R5 RA-5(6) NIST_SP_800-53_R5_RA-5(6) NIST SP 800-53 Rev. 5 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance NIST_SP_800-53_R5 RA-5(6) NIST_SP_800-53_R5_RA-5(6) NIST SP 800-53 Rev. 5 RA-5 (6) Automated Trend Analyses NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance NIST_SP_800-53_R5 RA-5(8) NIST_SP_800-53_R5_RA-5(8) NIST SP 800-53 Rev. 5 RA-5 (8) Review Historic Audit Logs NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance NIST_SP_800-53_R5 SA-1 NIST_SP_800-53_R5_SA-1 NIST SP 800-53 Rev. 5 SA-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance NIST_SP_800-53_R5 SA-10 NIST_SP_800-53_R5_SA-10 NIST SP 800-53 Rev. 5 SA-10 Developer Configuration Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R5 SA-10(1) NIST_SP_800-53_R5_SA-10(1) NIST SP 800-53 Rev. 5 SA-10 (1) Software and Firmware Integrity Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance NIST_SP_800-53_R5 SA-11 NIST_SP_800-53_R5_SA-11 NIST SP 800-53 Rev. 5 SA-11 Developer Testing and Evaluation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 SA-11 NIST_SP_800-53_R5_SA-11 NIST SP 800-53 Rev. 5 SA-11 Developer Testing and Evaluation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 SA-11 NIST_SP_800-53_R5_SA-11 NIST SP 800-53 Rev. 5 SA-11 Developer Testing and Evaluation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance NIST_SP_800-53_R5 SA-15 NIST_SP_800-53_R5_SA-15 NIST SP 800-53 Rev. 5 SA-15 Development Process, Standards, and Tools NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
676c3c35-3c36-612c-9523-36d266a65000 Require developers to provide training Regulatory Compliance NIST_SP_800-53_R5 SA-16 NIST_SP_800-53_R5_SA-16 NIST SP 800-53 Rev. 5 SA-16 Developer-provided Training NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance NIST_SP_800-53_R5 SA-17 NIST_SP_800-53_R5_SA-17 NIST SP 800-53 Rev. 5 SA-17 Developer Security and Privacy Architecture and Design NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance NIST_SP_800-53_R5 SA-17 NIST_SP_800-53_R5_SA-17 NIST SP 800-53 Rev. 5 SA-17 Developer Security and Privacy Architecture and Design NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance NIST_SP_800-53_R5 SA-17 NIST_SP_800-53_R5_SA-17 NIST SP 800-53 Rev. 5 SA-17 Developer Security and Privacy Architecture and Design NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
90a156a6-49ed-18d1-1052-69aac27c05cd Allocate resources in determining information system requirements Regulatory Compliance NIST_SP_800-53_R5 SA-2 NIST_SP_800-53_R5_SA-2 NIST SP 800-53 Rev. 5 SA-2 Allocation of Resources NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance NIST_SP_800-53_R5 SA-2 NIST_SP_800-53_R5_SA-2 NIST SP 800-53 Rev. 5 SA-2 Allocation of Resources NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
06af77de-02ca-0f3e-838a-a9420fe466f5 Establish a discrete line item in budgeting documentation Regulatory Compliance NIST_SP_800-53_R5 SA-2 NIST_SP_800-53_R5_SA-2 NIST SP 800-53 Rev. 5 SA-2 Allocation of Resources NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance NIST_SP_800-53_R5 SA-2 NIST_SP_800-53_R5_SA-2 NIST SP 800-53 Rev. 5 SA-2 Allocation of Resources NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ab02bb73-4ce1-89dd-3905-d93042809ba0 Align business objectives and IT goals Regulatory Compliance NIST_SP_800-53_R5 SA-2 NIST_SP_800-53_R5_SA-2 NIST SP 800-53 Rev. 5 SA-2 Allocation of Resources NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance NIST_SP_800-53_R5 SA-2 NIST_SP_800-53_R5_SA-2 NIST SP 800-53 Rev. 5 SA-2 Allocation of Resources NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance NIST_SP_800-53_R5 SA-3 NIST_SP_800-53_R5_SA-3 NIST SP 800-53 Rev. 5 SA-3 System Development Life Cycle NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance NIST_SP_800-53_R5 SA-3 NIST_SP_800-53_R5_SA-3 NIST SP 800-53 Rev. 5 SA-3 System Development Life Cycle NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance NIST_SP_800-53_R5 SA-3 NIST_SP_800-53_R5_SA-3 NIST SP 800-53 Rev. 5 SA-3 System Development Life Cycle NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance NIST_SP_800-53_R5 SA-4 NIST_SP_800-53_R5_SA-4 NIST SP 800-53 Rev. 5 SA-4 Acquisition Process NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance NIST_SP_800-53_R5 SA-4(1) NIST_SP_800-53_R5_SA-4(1) NIST SP 800-53 Rev. 5 SA-4 (1) Functional Properties of Controls NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b333332-6efd-7c0d-5a9f-d1eb95105214 Employ FIPS 201-approved technology for PIV Regulatory Compliance NIST_SP_800-53_R5 SA-4(10) NIST_SP_800-53_R5_SA-4(10) NIST SP 800-53 Rev. 5 SA-4 (10) Use of Approved PIV Products NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance NIST_SP_800-53_R5 SA-4(2) NIST_SP_800-53_R5_SA-4(2) NIST SP 800-53 Rev. 5 SA-4 (2) Design and Implementation Information for Controls NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca6d7878-3189-1833-4620-6c7254ed1607 Obtain continuous monitoring plan for security controls Regulatory Compliance NIST_SP_800-53_R5 SA-4(8) NIST_SP_800-53_R5_SA-4(8) NIST SP 800-53 Rev. 5 SA-4 (8) Continuous Monitoring Plan for Controls NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance NIST_SP_800-53_R5 SA-4(9) NIST_SP_800-53_R5_SA-4(9) NIST SP 800-53 Rev. 5 SA-4 (9) Functions, Ports, Protocols, and Services in Use NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance NIST_SP_800-53_R5 SA-5 NIST_SP_800-53_R5_SA-5 NIST SP 800-53 Rev. 5 SA-5 System Documentation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance NIST_SP_800-53_R5 SA-5 NIST_SP_800-53_R5_SA-5 NIST SP 800-53 Rev. 5 SA-5 System Documentation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance NIST_SP_800-53_R5 SA-5 NIST_SP_800-53_R5_SA-5 NIST SP 800-53 Rev. 5 SA-5 System Documentation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance NIST_SP_800-53_R5 SA-5 NIST_SP_800-53_R5_SA-5 NIST SP 800-53 Rev. 5 SA-5 System Documentation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance NIST_SP_800-53_R5 SA-5 NIST_SP_800-53_R5_SA-5 NIST SP 800-53 Rev. 5 SA-5 System Documentation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance NIST_SP_800-53_R5 SA-9 NIST_SP_800-53_R5_SA-9 NIST SP 800-53 Rev. 5 SA-9 External System Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance NIST_SP_800-53_R5 SA-9 NIST_SP_800-53_R5_SA-9 NIST SP 800-53 Rev. 5 SA-9 External System Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance NIST_SP_800-53_R5 SA-9 NIST_SP_800-53_R5_SA-9 NIST SP 800-53 Rev. 5 SA-9 External System Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance NIST_SP_800-53_R5 SA-9 NIST_SP_800-53_R5_SA-9 NIST SP 800-53 Rev. 5 SA-9 External System Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
92b94485-1c49-3350-9ada-dffe94f08e87 Obtain approvals for acquisitions and outsourcing Regulatory Compliance NIST_SP_800-53_R5 SA-9(1) NIST_SP_800-53_R5_SA-9(1) NIST SP 800-53 Rev. 5 SA-9 (1) Risk Assessments and Organizational Approvals NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance NIST_SP_800-53_R5 SA-9(1) NIST_SP_800-53_R5_SA-9(1) NIST SP 800-53 Rev. 5 SA-9 (1) Risk Assessments and Organizational Approvals NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance NIST_SP_800-53_R5 SA-9(2) NIST_SP_800-53_R5_SA-9(2) NIST SP 800-53 Rev. 5 SA-9 (2) Identification of Functions, Ports, Protocols, and Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance NIST_SP_800-53_R5 SA-9(4) NIST_SP_800-53_R5_SA-9(4) NIST SP 800-53 Rev. 5 SA-9 (4) Consistent Interests of Consumers and Providers NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0040d2e5-2779-170d-6a2c-1f5fca353335 Restrict location of information processing, storage and services Regulatory Compliance NIST_SP_800-53_R5 SA-9(5) NIST_SP_800-53_R5_SA-9(5) NIST SP 800-53 Rev. 5 SA-9 (5) Processing, Storage, and Service Location NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance NIST_SP_800-53_R5 SC-1 NIST_SP_800-53_R5_SC-1 NIST SP 800-53 Rev. 5 SC-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance NIST_SP_800-53_R5 SC-10 NIST_SP_800-53_R5_SC-10 NIST SP 800-53 Rev. 5 SC-10 Network Disconnect NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 Cryptographic Key Establishment and Management NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance NIST_SP_800-53_R5 SC-12(1) NIST_SP_800-53_R5_SC-12(1) NIST SP 800-53 Rev. 5 SC-12 (1) Availability NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance NIST_SP_800-53_R5 SC-12(2) NIST_SP_800-53_R5_SC-12(2) NIST SP 800-53 Rev. 5 SC-12 (2) Symmetric Keys NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance NIST_SP_800-53_R5 SC-12(3) NIST_SP_800-53_R5_SC-12(3) NIST SP 800-53 Rev. 5 SC-12 (3) Asymmetric Keys NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance NIST_SP_800-53_R5 SC-13 NIST_SP_800-53_R5_SC-13 NIST SP 800-53 Rev. 5 SC-13 Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance NIST_SP_800-53_R5 SC-15 NIST_SP_800-53_R5_SC-15 NIST SP 800-53 Rev. 5 SC-15 Collaborative Computing Devices and Applications NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance NIST_SP_800-53_R5 SC-15 NIST_SP_800-53_R5_SC-15 NIST SP 800-53 Rev. 5 SC-15 Collaborative Computing Devices and Applications NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance NIST_SP_800-53_R5 SC-17 NIST_SP_800-53_R5_SC-17 NIST SP 800-53 Rev. 5 SC-17 Public Key Infrastructure Certificates NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ffdaa742-0d6f-726f-3eac-6e6c34e36c93 Establish usage restrictions for mobile code technologies Regulatory Compliance NIST_SP_800-53_R5 SC-18 NIST_SP_800-53_R5_SC-18 NIST SP 800-53 Rev. 5 SC-18 Mobile Code NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance NIST_SP_800-53_R5 SC-18 NIST_SP_800-53_R5_SC-18 NIST SP 800-53 Rev. 5 SC-18 Mobile Code NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
291f20d4-8d93-1d73-89f3-6ce28b825563 Authorize, monitor, and control usage of mobile code technologies Regulatory Compliance NIST_SP_800-53_R5 SC-18 NIST_SP_800-53_R5_SC-18 NIST SP 800-53 Rev. 5 SC-18 Mobile Code NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance NIST_SP_800-53_R5 SC-2 NIST_SP_800-53_R5_SC-2 NIST SP 800-53 Rev. 5 SC-2 Separation of System and User Functionality NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance NIST_SP_800-53_R5 SC-2 NIST_SP_800-53_R5_SC-2 NIST SP 800-53 Rev. 5 SC-2 Separation of System and User Functionality NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance NIST_SP_800-53_R5 SC-2 NIST_SP_800-53_R5_SC-2 NIST SP 800-53 Rev. 5 SC-2 Separation of System and User Functionality NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance NIST_SP_800-53_R5 SC-20 NIST_SP_800-53_R5_SC-20 NIST SP 800-53 Rev. 5 SC-20 Secure Name/address Resolution Service (authoritative Source) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance NIST_SP_800-53_R5 SC-20 NIST_SP_800-53_R5_SC-20 NIST SP 800-53 Rev. 5 SC-20 Secure Name/address Resolution Service (authoritative Source) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R5 SC-21 NIST_SP_800-53_R5_SC-21 NIST SP 800-53 Rev. 5 SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance NIST_SP_800-53_R5 SC-21 NIST_SP_800-53_R5_SC-21 NIST SP 800-53 Rev. 5 SC-21 Secure Name/address Resolution Service (recursive or Caching Resolver) NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance NIST_SP_800-53_R5 SC-22 NIST_SP_800-53_R5_SC-22 NIST SP 800-53 Rev. 5 SC-22 Architecture and Provisioning for Name/address Resolution Service NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance NIST_SP_800-53_R5 SC-23 NIST_SP_800-53_R5_SC-23 NIST SP 800-53 Rev. 5 SC-23 Session Authenticity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance NIST_SP_800-53_R5 SC-23 NIST_SP_800-53_R5_SC-23 NIST SP 800-53 Rev. 5 SC-23 Session Authenticity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
396f465d-375e-57de-58ba-021adb008191 Invalidate session identifiers at logout Regulatory Compliance NIST_SP_800-53_R5 SC-23(1) NIST_SP_800-53_R5_SC-23(1) NIST SP 800-53 Rev. 5 SC-23 (1) Invalidate Session Identifiers at Logout NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance NIST_SP_800-53_R5 SC-24 NIST_SP_800-53_R5_SC-24 NIST SP 800-53 Rev. 5 SC-24 Fail in Known State NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation NIST_SP_800-53_R5 SC-28 NIST_SP_800-53_R5_SC-28 NIST SP 800-53 Rev. 5 SC-28 Protection of Information at Rest NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge devices should use double-encryption Azure Stack Edge NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric NIST_SP_800-53_R5 SC-28(1) NIST_SP_800-53_R5_SC-28(1) NIST SP 800-53 Rev. 5 SC-28 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R5 SC-3 NIST_SP_800-53_R5_SC-3 NIST SP 800-53 Rev. 5 SC-3 Security Function Isolation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 SC-3 NIST_SP_800-53_R5_SC-3 NIST SP 800-53 Rev. 5 SC-3 Security Function Isolation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center NIST_SP_800-53_R5 SC-3 NIST_SP_800-53_R5_SC-3 NIST SP 800-53 Rev. 5 SC-3 Security Function Isolation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center NIST_SP_800-53_R5 SC-3 NIST_SP_800-53_R5_SC-3 NIST SP 800-53 Rev. 5 SC-3 Security Function Isolation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bfc540fe-376c-2eef-4355-121312fa4437 Maintain separate execution domains for running processes Regulatory Compliance NIST_SP_800-53_R5 SC-39 NIST_SP_800-53_R5_SC-39 NIST SP 800-53 Rev. 5 SC-39 Process Isolation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R5 SC-5 NIST_SP_800-53_R5_SC-5 NIST SP 800-53 Rev. 5 SC-5 Denial-of-service Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center NIST_SP_800-53_R5 SC-5 NIST_SP_800-53_R5_SC-5 NIST SP 800-53 Rev. 5 SC-5 Denial-of-service Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R5 SC-5 NIST_SP_800-53_R5_SC-5 NIST SP 800-53 Rev. 5 SC-5 Denial-of-service Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R5 SC-5 NIST_SP_800-53_R5_SC-5 NIST SP 800-53 Rev. 5 SC-5 Denial-of-service Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b7306e73-0494-83a2-31f5-280e934a8f70 Develop and document a DDoS response plan Regulatory Compliance NIST_SP_800-53_R5 SC-5 NIST_SP_800-53_R5_SC-5 NIST SP 800-53 Rev. 5 SC-5 Denial-of-service Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity Regulatory Compliance NIST_SP_800-53_R5 SC-6 NIST_SP_800-53_R5_SC-6 NIST SP 800-53 Rev. 5 SC-6 Resource Availability NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
70057208-70cc-7b31-3c3a-121af6bc1966 Secure commitment from leadership Regulatory Compliance NIST_SP_800-53_R5 SC-6 NIST_SP_800-53_R5_SC-6 NIST SP 800-53 Rev. 5 SC-6 Resource Availability NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
33d34fac-56a8-1c0f-0636-3ed94892a709 Govern the allocation of resources Regulatory Compliance NIST_SP_800-53_R5 SC-6 NIST_SP_800-53_R5_SC-6 NIST SP 800-53 Rev. 5 SC-6 Resource Availability NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R5 SC-7 NIST_SP_800-53_R5_SC-7 NIST SP 800-53 Rev. 5 SC-7 Boundary Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R5 SC-7(12) NIST_SP_800-53_R5_SC-7(12) NIST SP 800-53 Rev. 5 SC-7 (12) Host-based Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance NIST_SP_800-53_R5 SC-7(13) NIST_SP_800-53_R5_SC-7(13) NIST SP 800-53 Rev. 5 SC-7 (13) Isolation of Security Tools, Mechanisms, and Support Components NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df54d34f-65f3-39f1-103c-a0464b8615df Manage transfers between standby and active system components Regulatory Compliance NIST_SP_800-53_R5 SC-7(18) NIST_SP_800-53_R5_SC-7(18) NIST SP 800-53 Rev. 5 SC-7 (18) Fail Secure NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R5 SC-7(18) NIST_SP_800-53_R5_SC-7(18) NIST SP 800-53 Rev. 5 SC-7 (18) Fail Secure NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
83eea3d3-0d2c-9ccd-1021-2111b29b2a62 Ensure system capable of dynamic isolation of resources Regulatory Compliance NIST_SP_800-53_R5 SC-7(20) NIST_SP_800-53_R5_SC-7(20) NIST SP 800-53 Rev. 5 SC-7 (20) Dynamic Isolation and Segregation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance NIST_SP_800-53_R5 SC-7(21) NIST_SP_800-53_R5_SC-7(21) NIST SP 800-53 Rev. 5 SC-7 (21) Isolation of System Components NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NIST_SP_800-53_R5 SC-7(3) NIST_SP_800-53_R5_SC-7(3) NIST SP 800-53 Rev. 5 SC-7 (3) Access Points NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance NIST_SP_800-53_R5 SC-7(4) NIST_SP_800-53_R5_SC-7(4) NIST SP 800-53 Rev. 5 SC-7 (4) External Telecommunications Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R5 SC-7(4) NIST_SP_800-53_R5_SC-7(4) NIST SP 800-53 Rev. 5 SC-7 (4) External Telecommunications Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance NIST_SP_800-53_R5 SC-7(4) NIST_SP_800-53_R5_SC-7(4) NIST SP 800-53 Rev. 5 SC-7 (4) External Telecommunications Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance NIST_SP_800-53_R5 SC-7(7) NIST_SP_800-53_R5_SC-7(7) NIST SP 800-53 Rev. 5 SC-7 (7) Split Tunneling for Remote Devices NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d91558ce-5a5c-551b-8fbb-83f793255e09 Route traffic through authenticated proxy network Regulatory Compliance NIST_SP_800-53_R5 SC-7(8) NIST_SP_800-53_R5_SC-7(8) NIST SP 800-53 Rev. 5 SC-7 (8) Route Traffic to Authenticated Proxy Servers NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes NIST_SP_800-53_R5 SC-8 NIST_SP_800-53_R5_SC-8 NIST SP 800-53 Rev. 5 SC-8 Transmission Confidentiality and Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight NIST_SP_800-53_R5 SC-8(1) NIST_SP_800-53_R5_SC-8(1) NIST SP 800-53 Rev. 5 SC-8 (1) Cryptographic Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance NIST_SP_800-53_R5 SI-1 NIST_SP_800-53_R5_SI-1 NIST SP 800-53 Rev. 5 SI-1 Policy and Procedures NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance NIST_SP_800-53_R5 SI-10 NIST_SP_800-53_R5_SI-10 NIST SP 800-53 Rev. 5 SI-10 Information Input Validation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance NIST_SP_800-53_R5 SI-11 NIST_SP_800-53_R5_SI-11 NIST SP 800-53 Rev. 5 SI-11 Error Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance NIST_SP_800-53_R5 SI-11 NIST_SP_800-53_R5_SI-11 NIST SP 800-53 Rev. 5 SI-11 Error Handling NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance NIST_SP_800-53_R5 SI-12 NIST_SP_800-53_R5_SI-12 NIST SP 800-53 Rev. 5 SI-12 Information Management and Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance NIST_SP_800-53_R5 SI-12 NIST_SP_800-53_R5_SI-12 NIST SP 800-53 Rev. 5 SI-12 Information Management and Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance NIST_SP_800-53_R5 SI-12 NIST_SP_800-53_R5_SI-12 NIST SP 800-53 Rev. 5 SI-12 Information Management and Retention NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R5 SI-16 NIST_SP_800-53_R5_SI-16 NIST SP 800-53 Rev. 5 SI-16 Memory Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 SI-16 NIST_SP_800-53_R5_SI-16 NIST SP 800-53 Rev. 5 SI-16 Memory Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NIST_SP_800-53_R5 SI-2 NIST_SP_800-53_R5_SI-2 NIST SP 800-53 Rev. 5 SI-2 Flaw Remediation NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
a90c4d44-7fac-8e02-6d5b-0d92046b20e6 Automate flaw remediation Regulatory Compliance NIST_SP_800-53_R5 SI-2(2) NIST_SP_800-53_R5_SI-2(2) NIST SP 800-53 Rev. 5 SI-2 (2) Automated Flaw Remediation Status NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance NIST_SP_800-53_R5 SI-2(2) NIST_SP_800-53_R5_SI-2(2) NIST SP 800-53 Rev. 5 SI-2 (2) Automated Flaw Remediation Status NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dad1887d-161b-7b61-2e4d-5124a7b5724e Measure the time between flaw identification and flaw remediation Regulatory Compliance NIST_SP_800-53_R5 SI-2(3) NIST_SP_800-53_R5_SI-2(3) NIST SP 800-53 Rev. 5 SI-2 (3) Time to Remediate Flaws and Benchmarks for Corrective Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
dd2523d5-2db3-642b-a1cf-83ac973b32c2 Establish benchmarks for flaw remediation Regulatory Compliance NIST_SP_800-53_R5 SI-2(3) NIST_SP_800-53_R5_SI-2(3) NIST SP 800-53 Rev. 5 SI-2 (3) Time to Remediate Flaws and Benchmarks for Corrective Actions NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R5 SI-2(6) NIST_SP_800-53_R5_SI-2(6) NIST SP 800-53 Rev. 5 SI-2 (6) Removal of Previous Versions of Software and Firmware NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service NIST_SP_800-53_R5 SI-2(6) NIST_SP_800-53_R5_SI-2(6) NIST SP 800-53 Rev. 5 SI-2 (6) Removal of Previous Versions of Software and Firmware NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center NIST_SP_800-53_R5 SI-2(6) NIST_SP_800-53_R5_SI-2(6) NIST SP 800-53 Rev. 5 SI-2 (6) Removal of Previous Versions of Software and Firmware NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center NIST_SP_800-53_R5 SI-3 NIST_SP_800-53_R5_SI-3 NIST SP 800-53 Rev. 5 SI-3 Malicious Code Protection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NIST_SP_800-53_R5 SI-4 NIST_SP_800-53_R5_SI-4 NIST SP 800-53 Rev. 5 SI-4 System Monitoring NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 SI-4(12) NIST_SP_800-53_R5_SI-4(12) NIST SP 800-53 Rev. 5 SI-4 (12) Automated Organization-generated Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NIST_SP_800-53_R5 SI-4(12) NIST_SP_800-53_R5_SI-4(12) NIST SP 800-53 Rev. 5 SI-4 (12) Automated Organization-generated Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NIST_SP_800-53_R5 SI-4(12) NIST_SP_800-53_R5_SI-4(12) NIST SP 800-53 Rev. 5 SI-4 (12) Automated Organization-generated Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
8f835d6a-4d13-9a9c-37dc-176cebd37fda Document wireless access security controls Regulatory Compliance NIST_SP_800-53_R5 SI-4(14) NIST_SP_800-53_R5_SI-4(14) NIST SP 800-53 Rev. 5 SI-4 (14) Wireless Intrusion Detection NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance NIST_SP_800-53_R5 SI-4(2) NIST_SP_800-53_R5_SI-4(2) NIST SP 800-53 Rev. 5 SI-4 (2) Automated Tools and Mechanisms for Real-time Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance NIST_SP_800-53_R5 SI-4(2) NIST_SP_800-53_R5_SI-4(2) NIST SP 800-53 Rev. 5 SI-4 (2) Automated Tools and Mechanisms for Real-time Analysis NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance NIST_SP_800-53_R5 SI-4(22) NIST_SP_800-53_R5_SI-4(22) NIST SP 800-53 Rev. 5 SI-4 (22) Unauthorized Network Services NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance NIST_SP_800-53_R5 SI-4(24) NIST_SP_800-53_R5_SI-4(24) NIST SP 800-53 Rev. 5 SI-4 (24) Indicators of Compromise NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance NIST_SP_800-53_R5 SI-4(4) NIST_SP_800-53_R5_SI-4(4) NIST SP 800-53 Rev. 5 SI-4 (4) Inbound and Outbound Communications Traffic NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance NIST_SP_800-53_R5 SI-4(4) NIST_SP_800-53_R5_SI-4(4) NIST SP 800-53 Rev. 5 SI-4 (4) Inbound and Outbound Communications Traffic NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance NIST_SP_800-53_R5 SI-4(4) NIST_SP_800-53_R5_SI-4(4) NIST SP 800-53 Rev. 5 SI-4 (4) Inbound and Outbound Communications Traffic NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance NIST_SP_800-53_R5 SI-4(4) NIST_SP_800-53_R5_SI-4(4) NIST SP 800-53 Rev. 5 SI-4 (4) Inbound and Outbound Communications Traffic NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance NIST_SP_800-53_R5 SI-4(5) NIST_SP_800-53_R5_SI-4(5) NIST SP 800-53 Rev. 5 SI-4 (5) System-generated Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance NIST_SP_800-53_R5 SI-4(5) NIST_SP_800-53_R5_SI-4(5) NIST SP 800-53 Rev. 5 SI-4 (5) System-generated Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance NIST_SP_800-53_R5 SI-4(5) NIST_SP_800-53_R5_SI-4(5) NIST SP 800-53 Rev. 5 SI-4 (5) System-generated Alerts NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance NIST_SP_800-53_R5 SI-5 NIST_SP_800-53_R5_SI-5 NIST SP 800-53 Rev. 5 SI-5 Security Alerts, Advisories, and Directives NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance NIST_SP_800-53_R5 SI-5 NIST_SP_800-53_R5_SI-5 NIST SP 800-53 Rev. 5 SI-5 Security Alerts, Advisories, and Directives NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance NIST_SP_800-53_R5 SI-5 NIST_SP_800-53_R5_SI-5 NIST SP 800-53 Rev. 5 SI-5 Security Alerts, Advisories, and Directives NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance NIST_SP_800-53_R5 SI-5 NIST_SP_800-53_R5_SI-5 NIST SP 800-53 Rev. 5 SI-5 Security Alerts, Advisories, and Directives NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance NIST_SP_800-53_R5 SI-5(1) NIST_SP_800-53_R5_SI-5(1) NIST SP 800-53 Rev. 5 SI-5 (1) Automated Alerts and Advisories NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance NIST_SP_800-53_R5 SI-6 NIST_SP_800-53_R5_SI-6 NIST SP 800-53 Rev. 5 SI-6 Security and Privacy Function Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance NIST_SP_800-53_R5 SI-6 NIST_SP_800-53_R5_SI-6 NIST SP 800-53 Rev. 5 SI-6 Security and Privacy Function Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance NIST_SP_800-53_R5 SI-6 NIST_SP_800-53_R5_SI-6 NIST SP 800-53 Rev. 5 SI-6 Security and Privacy Function Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance NIST_SP_800-53_R5 SI-6 NIST_SP_800-53_R5_SI-6 NIST SP 800-53 Rev. 5 SI-6 Security and Privacy Function Verification NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R5 SI-7 NIST_SP_800-53_R5_SI-7 NIST SP 800-53 Rev. 5 SI-7 Software, Firmware, and Information Integrity NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance NIST_SP_800-53_R5 SI-7(1) NIST_SP_800-53_R5_SI-7(1) NIST SP 800-53 Rev. 5 SI-7 (1) Integrity Checks NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance NIST_SP_800-53_R5 SI-7(1) NIST_SP_800-53_R5_SI-7(1) NIST SP 800-53 Rev. 5 SI-7 (1) Integrity Checks NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance NIST_SP_800-53_R5 SI-7(5) NIST_SP_800-53_R5_SI-7(5) NIST SP 800-53 Rev. 5 SI-7 (5) Automated Response to Integrity Violations NIST SP 800-53 Rev. 5 (179d1daa-458f-4e47-8086-2a68d0d6c38f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center NZ_ISM_v3.5 AC-11 NZ_ISM_v3.5_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZ_ISM_v3.5 AC-13 NZ_ISM_v3.5_AC-13 NZISM Security Benchmark AC-13 16.5.10 Authentication [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center NZ_ISM_v3.5 AC-17 NZ_ISM_v3.5_AC-17 NZISM Security Benchmark AC-17 16.6.8 Logging Requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes NZ_ISM_v3.5 AC-18 NZ_ISM_v3.5_AC-18 NZISM Security Benchmark AC-18 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring NZ_ISM_v3.5 AC-19 NZ_ISM_v3.5_AC-19 NZISM Security Benchmark AC-19 16.6.12 Event log protection [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NZ_ISM_v3.5 AC-2 NZ_ISM_v3.5_AC-2 NZISM Security Benchmark AC-2 16.1.32 System User Identification [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZ_ISM_v3.5 AC-2 NZ_ISM_v3.5_AC-2 NZISM Security Benchmark AC-2 16.1.32 System User Identification [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NZ_ISM_v3.5 AC-2 NZ_ISM_v3.5_AC-2 NZISM Security Benchmark AC-2 16.1.32 System User Identification [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center NZ_ISM_v3.5 AC-3 NZ_ISM_v3.5_AC-3 NZISM Security Benchmark AC-3 16.1.35 Methods for system user identification and authentication [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NZ_ISM_v3.5 AC-5 NZ_ISM_v3.5_AC-5 NZISM Security Benchmark AC-5 16.1.46 Suspension of access [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center NZ_ISM_v3.5 AC-5 NZ_ISM_v3.5_AC-5 NZISM Security Benchmark AC-5 16.1.46 Suspension of access [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NZ_ISM_v3.5 AC-9 NZ_ISM_v3.5_AC-9 NZISM Security Benchmark AC-9 16.3.5 Use of Privileged Accounts [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NZ_ISM_v3.5 CR-10 NZ_ISM_v3.5_CR-10 NZISM Security Benchmark CR-10 17.5.7 Authentication mechanisms [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault NZ_ISM_v3.5 CR-15 NZ_ISM_v3.5_CR-15 NZISM Security Benchmark CR-15 17.9.25 Contents of KMPs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NZ_ISM_v3.5 CR-15 NZ_ISM_v3.5_CR-15 NZISM Security Benchmark CR-15 17.9.25 Contents of KMPs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZ_ISM_v3.5 CR-15 NZ_ISM_v3.5_CR-15 NZISM Security Benchmark CR-15 17.9.25 Contents of KMPs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault NZ_ISM_v3.5 CR-15 NZ_ISM_v3.5_CR-15 NZISM Security Benchmark CR-15 17.9.25 Contents of KMPs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault NZ_ISM_v3.5 CR-2 NZ_ISM_v3.5_CR-2 NZISM Security Benchmark CR-2 17.1.52 Data Recovery [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NZ_ISM_v3.5 CR-2 NZ_ISM_v3.5_CR-2 NZISM Security Benchmark CR-2 17.1.52 Data Recovery [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric NZ_ISM_v3.5 CR-3 NZ_ISM_v3.5_CR-3 NZISM Security Benchmark CR-3 17.1.53 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
cee51871-e572-4576-855c-047c820360f0 Certificates using RSA cryptography should have the specified minimum key size Key Vault NZ_ISM_v3.5 CR-5 NZ_ISM_v3.5_CR-5 NZISM Security Benchmark CR-5 17.2.24 Using RSA [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NZ_ISM_v3.5 CR-8 NZ_ISM_v3.5_CR-8 NZISM Security Benchmark CR-8 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NZ_ISM_v3.5 CR-8 NZ_ISM_v3.5_CR-8 NZISM Security Benchmark CR-8 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NZ_ISM_v3.5 CR-8 NZ_ISM_v3.5_CR-8 NZISM Security Benchmark CR-8 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage NZ_ISM_v3.5 GS-2 NZ_ISM_v3.5_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZ_ISM_v3.5 GS-3 NZ_ISM_v3.5_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NZ_ISM_v3.5 GS-3 NZ_ISM_v3.5_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZ_ISM_v3.5 GS-3 NZ_ISM_v3.5_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZ_ISM_v3.5 GS-3 NZ_ISM_v3.5_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZ_ISM_v3.5 GS-3 NZ_ISM_v3.5_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NZ_ISM_v3.5 GS-3 NZ_ISM_v3.5_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NZ_ISM_v3.5 GS-5 NZ_ISM_v3.5_GS-5 NZISM Security Benchmark GS-5 19.1.23 Testing of Gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NZ_ISM_v3.5 INF-9 NZ_ISM_v3.5_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NZ_ISM_v3.5 ISI-2 NZ_ISM_v3.5_ISI-2 NZISM Security Benchmark ISI-2 7.1.7 Preventing and detecting information security incidents [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NZ_ISM_v3.5 ISM-3 NZ_ISM_v3.5_ISM-3 NZISM Security Benchmark ISM-3 6.2.5 Conducting vulnerability assessments [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NZ_ISM_v3.5 ISM-3 NZ_ISM_v3.5_ISM-3 NZISM Security Benchmark ISM-3 6.2.5 Conducting vulnerability assessments [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NZ_ISM_v3.5 ISM-3 NZ_ISM_v3.5_ISM-3 NZISM Security Benchmark ISM-3 6.2.5 Conducting vulnerability assessments [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL NZ_ISM_v3.5 ISM-4 NZ_ISM_v3.5_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZ_ISM_v3.5 ISM-7 NZ_ISM_v3.5_ISM-7 NZISM Security Benchmark ISM-7 6.4.5 Availability requirements [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center NZ_ISM_v3.5 NS-5 NZ_ISM_v3.5_NS-5 NZISM Security Benchmark NS-5 18.3.19 Content of a Denial of Service (DoS) response plan [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL NZ_ISM_v3.5 NS-7 NZ_ISM_v3.5_NS-7 NZISM Security Benchmark NS-7 18.4.7 Intrusion Detection and Prevention strategy (IDS/IPS) [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network NZ_ISM_v3.5 NS-8 NZ_ISM_v3.5_NS-8 NZISM Security Benchmark NS-8 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZ_ISM_v3.5 NS-8 NZ_ISM_v3.5_NS-8 NZISM Security Benchmark NS-8 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZ_ISM_v3.5 NS-8 NZ_ISM_v3.5_NS-8 NZISM Security Benchmark NS-8 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network NZ_ISM_v3.5 NS-8 NZ_ISM_v3.5_NS-8 NZISM Security Benchmark NS-8 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center NZ_ISM_v3.5 PRS-5 NZ_ISM_v3.5_PRS-5 NZISM Security Benchmark PRS-5 12.4.4 Patching vulnerabilities in products [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center NZ_ISM_v3.5 PRS-5 NZ_ISM_v3.5_PRS-5 NZISM Security Benchmark PRS-5 12.4.4 Patching vulnerabilities in products [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZ_ISM_v3.5 PS-4 NZ_ISM_v3.5_PS-4 NZISM Security Benchmark PS-4 8.3.5 Network infrastructure in unsecure areas [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NZ_ISM_v3.5 PS-4 NZ_ISM_v3.5_PS-4 NZISM Security Benchmark PS-4 8.3.5 Network infrastructure in unsecure areas [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZ_ISM_v3.5 SS-2 NZ_ISM_v3.5_SS-2 NZISM Security Benchmark SS-2 14.1.8 Developing hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZ_ISM_v3.5 SS-2 NZ_ISM_v3.5_SS-2 NZISM Security Benchmark SS-2 14.1.8 Developing hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NZ_ISM_v3.5 SS-2 NZ_ISM_v3.5_SS-2 NZISM Security Benchmark SS-2 14.1.8 Developing hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1f7c564c-0a90-4d44-b7e1-9d456cffaee8 Endpoint protection should be installed on your machines Security Center NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2 Endpoint protection health issues should be resolved on your machines Security Center NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center NZ_ISM_v3.5 SS-3 NZ_ISM_v3.5_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NZ_ISM_v3.5 SS-5 NZ_ISM_v3.5_SS-5 NZISM Security Benchmark SS-5 14.2.4 Application Whitelisting [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NZ_ISM_v3.5 SS-5 NZ_ISM_v3.5_SS-5 NZISM Security Benchmark SS-5 14.2.4 Application Whitelisting [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NZ_ISM_v3.5 SS-9 NZ_ISM_v3.5_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted v3.5 (93d2179e-3068-c82f-2428-d614ae836a04)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center NZISM_Security_Benchmark_v1.1 AC-11 NZISM_Security_Benchmark_v1.1_AC-11 NZISM Security Benchmark AC-11 16.4.30 Privileged Access Management [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration NZISM_Security_Benchmark_v1.1 AC-13 NZISM_Security_Benchmark_v1.1_AC-13 NZISM Security Benchmark AC-13 16.5.10 Authentication [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring NZISM_Security_Benchmark_v1.1 AC-17 NZISM_Security_Benchmark_v1.1_AC-17 NZISM Security Benchmark AC-17 16.6.9 Events to be logged [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric NZISM_Security_Benchmark_v1.1 AC-2 NZISM_Security_Benchmark_v1.1_AC-2 NZISM Security Benchmark AC-2 16.1.32 System User Identification [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service NZISM_Security_Benchmark_v1.1 AC-2 NZISM_Security_Benchmark_v1.1_AC-2 NZISM Security Benchmark AC-2 16.1.32 System User Identification [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service NZISM_Security_Benchmark_v1.1 AC-2 NZISM_Security_Benchmark_v1.1_AC-2 NZISM Security Benchmark AC-2 16.1.32 System User Identification [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center NZISM_Security_Benchmark_v1.1 AC-3 NZISM_Security_Benchmark_v1.1_AC-3 NZISM Security Benchmark AC-3 16.1.35 Methods for system user identification and authentication [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration NZISM_Security_Benchmark_v1.1 AC-4 NZISM_Security_Benchmark_v1.1_AC-4 NZISM Security Benchmark AC-4 16.1.40 Password selection policy [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration NZISM_Security_Benchmark_v1.1 AC-4 NZISM_Security_Benchmark_v1.1_AC-4 NZISM Security Benchmark AC-4 16.1.40 Password selection policy [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center NZISM_Security_Benchmark_v1.1 AC-5 NZISM_Security_Benchmark_v1.1_AC-5 NZISM Security Benchmark AC-5 16.1.46 Suspension of access [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center NZISM_Security_Benchmark_v1.1 AC-5 NZISM_Security_Benchmark_v1.1_AC-5 NZISM Security Benchmark AC-5 16.1.46 Suspension of access [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center NZISM_Security_Benchmark_v1.1 AC-9 NZISM_Security_Benchmark_v1.1_AC-9 NZISM Security Benchmark AC-9 16.3.5 Use of Privileged Accounts [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center NZISM_Security_Benchmark_v1.1 CR-14 NZISM_Security_Benchmark_v1.1_CR-14 NZISM Security Benchmark CR-14 17.9.25 Contents of KMPs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_Security_Benchmark_v1.1 CR-14 NZISM_Security_Benchmark_v1.1_CR-14 NZISM Security Benchmark CR-14 17.9.25 Contents of KMPs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault NZISM_Security_Benchmark_v1.1 CR-2 NZISM_Security_Benchmark_v1.1_CR-2 NZISM Security Benchmark CR-2 17.1.45 Data Recovery [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault NZISM_Security_Benchmark_v1.1 CR-2 NZISM_Security_Benchmark_v1.1_CR-2 NZISM Security Benchmark CR-2 17.1.45 Data Recovery [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry NZISM_Security_Benchmark_v1.1 CR-3 NZISM_Security_Benchmark_v1.1_CR-3 NZISM Security Benchmark CR-3 17.1.46 Reducing storage and physical transfer requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration NZISM_Security_Benchmark_v1.1 CR-7 NZISM_Security_Benchmark_v1.1_CR-7 NZISM Security Benchmark CR-7 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service NZISM_Security_Benchmark_v1.1 CR-7 NZISM_Security_Benchmark_v1.1_CR-7 NZISM Security Benchmark CR-7 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service NZISM_Security_Benchmark_v1.1 CR-7 NZISM_Security_Benchmark_v1.1_CR-7 NZISM Security Benchmark CR-7 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service NZISM_Security_Benchmark_v1.1 CR-7 NZISM_Security_Benchmark_v1.1_CR-7 NZISM Security Benchmark CR-7 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service NZISM_Security_Benchmark_v1.1 CR-7 NZISM_Security_Benchmark_v1.1_CR-7 NZISM Security Benchmark CR-7 17.4.16 Using TLS [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration NZISM_Security_Benchmark_v1.1 CR-9 NZISM_Security_Benchmark_v1.1_CR-9 NZISM Security Benchmark CR-9 17.5.7 Authentication mechanisms [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL NZISM_Security_Benchmark_v1.1 DM-6 NZISM_Security_Benchmark_v1.1_DM-6 NZISM Security Benchmark DM-6 20.4.4 Database files [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL NZISM_Security_Benchmark_v1.1 DM-6 NZISM_Security_Benchmark_v1.1_DM-6 NZISM Security Benchmark DM-6 20.4.4 Database files [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired Storage NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL NZISM_Security_Benchmark_v1.1 GS-2 NZISM_Security_Benchmark_v1.1_GS-2 NZISM Security Benchmark GS-2 19.1.11 Using Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services NZISM_Security_Benchmark_v1.1 GS-3 NZISM_Security_Benchmark_v1.1_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center NZISM_Security_Benchmark_v1.1 GS-3 NZISM_Security_Benchmark_v1.1_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center NZISM_Security_Benchmark_v1.1 GS-3 NZISM_Security_Benchmark_v1.1_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage NZISM_Security_Benchmark_v1.1 GS-3 NZISM_Security_Benchmark_v1.1_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry NZISM_Security_Benchmark_v1.1 GS-3 NZISM_Security_Benchmark_v1.1_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB NZISM_Security_Benchmark_v1.1 GS-3 NZISM_Security_Benchmark_v1.1_GS-3 NZISM Security Benchmark GS-3 19.1.12 Configuration of Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center NZISM_Security_Benchmark_v1.1 GS-5 NZISM_Security_Benchmark_v1.1_GS-5 NZISM Security Benchmark GS-5 19.1.23 Testing of Gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL NZISM_Security_Benchmark_v1.1 INF-9 NZISM_Security_Benchmark_v1.1_INF-9 NZISM Security Benchmark INF-9 10.8.35 Security Architecture [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL NZISM_Security_Benchmark_v1.1 ISM-3 NZISM_Security_Benchmark_v1.1_ISM-3 NZISM Security Benchmark ISM-3 6.2.5 Conducting vulnerability assessments [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL NZISM_Security_Benchmark_v1.1 ISM-3 NZISM_Security_Benchmark_v1.1_ISM-3 NZISM Security Benchmark ISM-3 6.2.5 Conducting vulnerability assessments [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center NZISM_Security_Benchmark_v1.1 ISM-3 NZISM_Security_Benchmark_v1.1_ISM-3 NZISM Security Benchmark ISM-3 6.2.5 Conducting vulnerability assessments [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center NZISM_Security_Benchmark_v1.1 ISM-4 NZISM_Security_Benchmark_v1.1_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center NZISM_Security_Benchmark_v1.1 ISM-4 NZISM_Security_Benchmark_v1.1_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center NZISM_Security_Benchmark_v1.1 ISM-4 NZISM_Security_Benchmark_v1.1_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center NZISM_Security_Benchmark_v1.1 ISM-4 NZISM_Security_Benchmark_v1.1_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center NZISM_Security_Benchmark_v1.1 ISM-4 NZISM_Security_Benchmark_v1.1_ISM-4 NZISM Security Benchmark ISM-4 6.2.6 Resolving vulnerabilities [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute NZISM_Security_Benchmark_v1.1 ISM-7 NZISM_Security_Benchmark_v1.1_ISM-7 NZISM Security Benchmark ISM-7 6.4.5 Availability requirements [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center NZISM_Security_Benchmark_v1.1 NS-5 NZISM_Security_Benchmark_v1.1_NS-5 NZISM Security Benchmark NS-5 18.3.19 Content of a Denial of Service (DoS) response plan [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network NZISM_Security_Benchmark_v1.1 NS-7 NZISM_Security_Benchmark_v1.1_NS-7 NZISM Security Benchmark NS-7 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network NZISM_Security_Benchmark_v1.1 NS-7 NZISM_Security_Benchmark_v1.1_NS-7 NZISM Security Benchmark NS-7 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network NZISM_Security_Benchmark_v1.1 NS-7 NZISM_Security_Benchmark_v1.1_NS-7 NZISM Security Benchmark NS-7 18.4.8 IDS/IPSs on gateways [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center NZISM_Security_Benchmark_v1.1 PRS-5 NZISM_Security_Benchmark_v1.1_PRS-5 NZISM Security Benchmark PRS-5 12.4.4 Patching vulnerabilities in products [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center NZISM_Security_Benchmark_v1.1 PRS-5 NZISM_Security_Benchmark_v1.1_PRS-5 NZISM Security Benchmark PRS-5 12.4.4 Patching vulnerabilities in products [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache NZISM_Security_Benchmark_v1.1 PS-4 NZISM_Security_Benchmark_v1.1_PS-4 NZISM Security Benchmark PS-4 8.3.5 Network infrastructure in unsecure areas [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage NZISM_Security_Benchmark_v1.1 PS-4 NZISM_Security_Benchmark_v1.1_PS-4 NZISM Security Benchmark PS-4 8.3.5 Network infrastructure in unsecure areas [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center NZISM_Security_Benchmark_v1.1 SS-2 NZISM_Security_Benchmark_v1.1_SS-2 NZISM Security Benchmark SS-2 14.1.8 Developing hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service NZISM_Security_Benchmark_v1.1 SS-2 NZISM_Security_Benchmark_v1.1_SS-2 NZISM Security Benchmark SS-2 14.1.8 Developing hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service NZISM_Security_Benchmark_v1.1 SS-2 NZISM_Security_Benchmark_v1.1_SS-2 NZISM Security Benchmark SS-2 14.1.8 Developing hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center NZISM_Security_Benchmark_v1.1 SS-3 NZISM_Security_Benchmark_v1.1_SS-3 NZISM Security Benchmark SS-3 14.1.9 Maintaining hardened SOEs [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center NZISM_Security_Benchmark_v1.1 SS-5 NZISM_Security_Benchmark_v1.1_SS-5 NZISM Security Benchmark SS-5 14.2.4 Application Whitelisting [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center NZISM_Security_Benchmark_v1.1 SS-5 NZISM_Security_Benchmark_v1.1_SS-5 NZISM Security Benchmark SS-5 14.2.4 Application Whitelisting [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service NZISM_Security_Benchmark_v1.1 SS-9 NZISM_Security_Benchmark_v1.1_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service NZISM_Security_Benchmark_v1.1 SS-9 NZISM_Security_Benchmark_v1.1_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service NZISM_Security_Benchmark_v1.1 SS-9 NZISM_Security_Benchmark_v1.1_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service NZISM_Security_Benchmark_v1.1 SS-9 NZISM_Security_Benchmark_v1.1_SS-9 NZISM Security Benchmark SS-9 14.5.8 Web applications [Deprecated]: New Zealand ISM Restricted (d1a462af-7e6d-4901-98ac-61570b4ed22a)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4781e5fd-76b8-7d34-6df3-a0a7fca47665 Prevent identifier reuse for the defined time period Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance op.acc.1 Identification op.acc.1 Identification 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance op.acc.2 Access requirements op.acc.2 Access requirements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance op.acc.3 Segregation of functions and tasks op.acc.3 Segregation of functions and tasks 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center op.acc.4 Access rights management process op.acc.4 Access rights management process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4b8fd5da-609b-33bf-9724-1c946285a14c Notify Account Managers of customer controlled accounts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
585af6e9-90c0-4575-67a7-2f9548972e32 Review and reevaluate privileges Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20762f1e-85fb-31b0-a600-e833633f10fe Reveal error messages Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ff03f2a-974b-3272-34f2-f6cd51420b30 Obscure feedback information during authentication process Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
87f7cd82-2e45-4d0f-9e2f-586b0962d142 Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
942b3e97-6ae3-410e-a794-c9c999b97c0b Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7814506c-382c-4d33-a142-249dd4a0dbff Microsoft Managed Control 1258 - Contingency Training Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
704e136a-4fe0-427c-b829-cd69957f5d2b Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6a13a8f8-c163-4b1b-8554-d63569dab937 Microsoft Managed Control 1244 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fd8af1-c161-4bae-9ba9-f62731f76439 Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65aeceb5-a59c-4cb1-8d82-9c474be5d431 Microsoft Managed Control 1261 - Contingency Plan Testing Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53c76a39-2097-408a-b237-b279f7b4614d Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50fc602d-d8e0-444b-a039-ad138ee5deb0 Microsoft Managed Control 1248 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e97ba1d-be5d-4953-8da4-0cccf28f4805 Microsoft Managed Control 1267 - Alternate Storage Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e666db5-b2ef-4b06-aac6-09bfce49151b Microsoft Managed Control 1247 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42254fc4-2738-4128-9613-72aaa4f0d9c3 Microsoft Managed Control 1260 - Contingency Training | Simulated Events Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5e2b3730-8c14-4081-8893-19dbb5de7348 Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e5ef485-9e16-4c53-a475-fbb8107eac59 Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8de614d8-a8b7-4f70-a62a-6d37089a002c Microsoft Managed Control 1250 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8dc459b3-0e77-45af-8d71-cfd8c9654fe2 Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d3bf4251-0818-42db-950b-afd5b25a51c2 Microsoft Managed Control 1249 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a724864-956a-496c-b778-637cb1d762cf Microsoft Managed Control 1289 - Information System Backup Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0 Microsoft Managed Control 1279 - Telecommunications Services Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
831e510e-db41-4c72-888e-a0621ab62265 Microsoft Managed Control 1262 - Contingency Plan Testing Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912 Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49dbe627-2c1e-438c-979e-dd7a39bbf81d Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a328fd72-8ff5-4f96-8c9c-b30ed95db4ab Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41472613-3b05-49f6-8fe8-525af113ce17 Microsoft Managed Control 1263 - Contingency Plan Testing Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d9e18f7-bad9-4d30-8806-a0c9d5e26208 Microsoft Managed Control 1259 - Contingency Training Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b4a3eb2-c25d-40bf-ad41-5094b6f59cee Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da3bfb53-9c46-4010-b3db-a7ba1296dada Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f Microsoft Managed Control 1288 - Information System Backup Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92f85ce9-17b7-49ea-85ee-ea7271ea6b82 Microsoft Managed Control 1290 - Information System Backup Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d03516cf-0293-489f-9b32-a18f2a79f836 Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc43e829-3d50-4a0a-aa0f-428d551862aa Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01f7726b-db54-45c2-bcb5-9bd7a43796ee Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0afce0b3-dd9f-42bb-af28-1e4284ba8311 Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf3b3293-667a-445e-a722-fa0b0afc0958 Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ca9a4469-d6df-4ab2-a42f-1213c396f0ec Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b958b241-4245-4bd6-bd2d-b8f0779fb543 Microsoft Managed Control 1257 - Contingency Training Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4f9b47a-2116-4e6f-88db-4edbf22753f1 Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd280d4b-50a1-42fb-a479-ece5878acf19 Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a0e45314-57b8-4623-80cd-bbb561f59516 Microsoft Managed Control 1245 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e214e563-1206-4a43-a56b-ac5880c9c571 Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e77fcbf2-a1e8-44f1-860e-ed6583761e65 Microsoft Managed Control 1273 - Alternate Processing Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398eb61e-8111-40d5-a0c9-003df28f1753 Microsoft Managed Control 1246 - Contingency Plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34042a97-ec6d-4263-93d2-8c1c46823b2a Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2aee175f-cd16-4825-939a-a85349d96210 Microsoft Managed Control 1274 - Alternate Processing Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
23f6e984-3053-4dfc-ab48-543b764781f5 Microsoft Managed Control 1268 - Alternate Storage Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
232ab24b-810b-4640-9019-74a7d0d6a980 Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a18adb5b-1db6-4a5b-901a-7d3797d12972 Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a23d9d53-ad2e-45ef-afd5-e6d10900a737 Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e57b98a0-a011-4956-a79d-5d17ed8b8e48 Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
19b9439d-865d-4474-b17d-97d2702fdb66 Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a895fbdb-204d-4302-9689-0a59dc42b3d9 Microsoft Managed Control 1295 - Information System Recovery And Reconstitution Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9172e76-7f56-46e9-93bf-75d69bdb5491 Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8 Microsoft Managed Control 1272 - Alternate Processing Site Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fa108498-b3a8-4ffb-9e79-1107e76afad3 Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f3793f5e-937f-44f7-bfba-40647ef3efa0 Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
819dc6da-289d-476e-8500-7e341ef8677d Microsoft Managed Control 1287 - Information System Backup Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65aeceb5-a59c-4cb1-8d82-9c474be5d431 Microsoft Managed Control 1261 - Contingency Plan Testing Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4f9b47a-2116-4e6f-88db-4edbf22753f1 Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b958b241-4245-4bd6-bd2d-b8f0779fb543 Microsoft Managed Control 1257 - Contingency Training Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ca9a4469-d6df-4ab2-a42f-1213c396f0ec Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf3b3293-667a-445e-a722-fa0b0afc0958 Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d3bf4251-0818-42db-950b-afd5b25a51c2 Microsoft Managed Control 1249 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da3bfb53-9c46-4010-b3db-a7ba1296dada Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc43e829-3d50-4a0a-aa0f-428d551862aa Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd280d4b-50a1-42fb-a479-ece5878acf19 Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e214e563-1206-4a43-a56b-ac5880c9c571 Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e57b98a0-a011-4956-a79d-5d17ed8b8e48 Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e77fcbf2-a1e8-44f1-860e-ed6583761e65 Microsoft Managed Control 1273 - Alternate Processing Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f3793f5e-937f-44f7-bfba-40647ef3efa0 Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fa108498-b3a8-4ffb-9e79-1107e76afad3 Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8 Microsoft Managed Control 1272 - Alternate Processing Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9172e76-7f56-46e9-93bf-75d69bdb5491 Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a895fbdb-204d-4302-9689-0a59dc42b3d9 Microsoft Managed Control 1295 - Information System Recovery And Reconstitution Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a23d9d53-ad2e-45ef-afd5-e6d10900a737 Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6a13a8f8-c163-4b1b-8554-d63569dab937 Microsoft Managed Control 1244 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
704e136a-4fe0-427c-b829-cd69957f5d2b Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7814506c-382c-4d33-a142-249dd4a0dbff Microsoft Managed Control 1258 - Contingency Training Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0 Microsoft Managed Control 1279 - Telecommunications Services Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
831e510e-db41-4c72-888e-a0621ab62265 Microsoft Managed Control 1262 - Contingency Plan Testing Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8dc459b3-0e77-45af-8d71-cfd8c9654fe2 Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e5ef485-9e16-4c53-a475-fbb8107eac59 Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fd8af1-c161-4bae-9ba9-f62731f76439 Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
942b3e97-6ae3-410e-a794-c9c999b97c0b Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d9e18f7-bad9-4d30-8806-a0c9d5e26208 Microsoft Managed Control 1259 - Contingency Training Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a0e45314-57b8-4623-80cd-bbb561f59516 Microsoft Managed Control 1245 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a18adb5b-1db6-4a5b-901a-7d3797d12972 Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8de614d8-a8b7-4f70-a62a-6d37089a002c Microsoft Managed Control 1250 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42254fc4-2738-4128-9613-72aaa4f0d9c3 Microsoft Managed Control 1260 - Contingency Training | Simulated Events Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2aee175f-cd16-4825-939a-a85349d96210 Microsoft Managed Control 1274 - Alternate Processing Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
23f6e984-3053-4dfc-ab48-543b764781f5 Microsoft Managed Control 1268 - Alternate Storage Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
232ab24b-810b-4640-9019-74a7d0d6a980 Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
19b9439d-865d-4474-b17d-97d2702fdb66 Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0afce0b3-dd9f-42bb-af28-1e4284ba8311 Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01f7726b-db54-45c2-bcb5-9bd7a43796ee Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d03516cf-0293-489f-9b32-a18f2a79f836 Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92f85ce9-17b7-49ea-85ee-ea7271ea6b82 Microsoft Managed Control 1290 - Information System Backup Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f Microsoft Managed Control 1288 - Information System Backup Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
87f7cd82-2e45-4d0f-9e2f-586b0962d142 Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
819dc6da-289d-476e-8500-7e341ef8677d Microsoft Managed Control 1287 - Information System Backup Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a724864-956a-496c-b778-637cb1d762cf Microsoft Managed Control 1289 - Information System Backup Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912 Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49dbe627-2c1e-438c-979e-dd7a39bbf81d Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34042a97-ec6d-4263-93d2-8c1c46823b2a Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a328fd72-8ff5-4f96-8c9c-b30ed95db4ab Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398eb61e-8111-40d5-a0c9-003df28f1753 Microsoft Managed Control 1246 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b4a3eb2-c25d-40bf-ad41-5094b6f59cee Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5e2b3730-8c14-4081-8893-19dbb5de7348 Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e97ba1d-be5d-4953-8da4-0cccf28f4805 Microsoft Managed Control 1267 - Alternate Storage Site Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50fc602d-d8e0-444b-a039-ad138ee5deb0 Microsoft Managed Control 1248 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53c76a39-2097-408a-b237-b279f7b4614d Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41472613-3b05-49f6-8fe8-525af113ce17 Microsoft Managed Control 1263 - Contingency Plan Testing Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e666db5-b2ef-4b06-aac6-09bfce49151b Microsoft Managed Control 1247 - Contingency Plan Regulatory Compliance op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4d479a11-f2b5-4f0a-bb1e-d2332aa95cda [Preview]: Disable Cross Subscription Restore for Backup Vaults Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6f6f560-14b7-49a4-9fc8-d2c3a9807868 [Preview]: Immutability must be enabled for Recovery Services vaults Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8015d6ed-3641-4534-8d0b-5c67b67ff7de [Preview]: Configure Recovery Services vaults to use private endpoints for backup Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9798d31d-6028-4dee-8643-46102185c016 [Preview]: Soft delete should be enabled for Backup Vaults Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af783da1-4ad1-42be-800d-d19c70038820 [Preview]: Configure Recovery Services vaults to use private DNS zones for backup Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f Microsoft Managed Control 1288 - Information System Backup Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a328fd72-8ff5-4f96-8c9c-b30ed95db4ab Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05938e10-cdbd-4a54-9b2b-1cbcfc141ad0 Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
345fa903-145c-4fe1-8bcd-93ec2adccde8 Configure backup on virtual machines with a given tag to an existing recovery services vault in the same location Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49dbe627-2c1e-438c-979e-dd7a39bbf81d Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912 Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a724864-956a-496c-b778-637cb1d762cf Microsoft Managed Control 1289 - Information System Backup Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
819dc6da-289d-476e-8500-7e341ef8677d Microsoft Managed Control 1287 - Information System Backup Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2514263b-bc0d-4b06-ac3e-f262c0979018 [Preview]: Immutability must be enabled for backup vaults Backup op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
87f7cd82-2e45-4d0f-9e2f-586b0962d142 Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92f85ce9-17b7-49ea-85ee-ea7271ea6b82 Microsoft Managed Control 1290 - Information System Backup Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fa108498-b3a8-4ffb-9e79-1107e76afad3 Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e57b98a0-a011-4956-a79d-5d17ed8b8e48 Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e77fcbf2-a1e8-44f1-860e-ed6583761e65 Microsoft Managed Control 1273 - Alternate Processing Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a18adb5b-1db6-4a5b-901a-7d3797d12972 Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a0e45314-57b8-4623-80cd-bbb561f59516 Microsoft Managed Control 1245 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d9e18f7-bad9-4d30-8806-a0c9d5e26208 Microsoft Managed Control 1259 - Contingency Training Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398eb61e-8111-40d5-a0c9-003df28f1753 Microsoft Managed Control 1246 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b4a3eb2-c25d-40bf-ad41-5094b6f59cee Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41472613-3b05-49f6-8fe8-525af113ce17 Microsoft Managed Control 1263 - Contingency Plan Testing Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42254fc4-2738-4128-9613-72aaa4f0d9c3 Microsoft Managed Control 1260 - Contingency Training | Simulated Events Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e666db5-b2ef-4b06-aac6-09bfce49151b Microsoft Managed Control 1247 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
942b3e97-6ae3-410e-a794-c9c999b97c0b Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fd8af1-c161-4bae-9ba9-f62731f76439 Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a23d9d53-ad2e-45ef-afd5-e6d10900a737 Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e97ba1d-be5d-4953-8da4-0cccf28f4805 Microsoft Managed Control 1267 - Alternate Storage Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53c76a39-2097-408a-b237-b279f7b4614d Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5e2b3730-8c14-4081-8893-19dbb5de7348 Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65aeceb5-a59c-4cb1-8d82-9c474be5d431 Microsoft Managed Control 1261 - Contingency Plan Testing Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6a13a8f8-c163-4b1b-8554-d63569dab937 Microsoft Managed Control 1244 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
704e136a-4fe0-427c-b829-cd69957f5d2b Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7814506c-382c-4d33-a142-249dd4a0dbff Microsoft Managed Control 1258 - Contingency Training Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0 Microsoft Managed Control 1279 - Telecommunications Services Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
831e510e-db41-4c72-888e-a0621ab62265 Microsoft Managed Control 1262 - Contingency Plan Testing Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8dc459b3-0e77-45af-8d71-cfd8c9654fe2 Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50fc602d-d8e0-444b-a039-ad138ee5deb0 Microsoft Managed Control 1248 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f3793f5e-937f-44f7-bfba-40647ef3efa0 Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a895fbdb-204d-4302-9689-0a59dc42b3d9 Microsoft Managed Control 1295 - Information System Recovery And Reconstitution Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8 Microsoft Managed Control 1272 - Alternate Processing Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e214e563-1206-4a43-a56b-ac5880c9c571 Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9934fd7-29f2-4e6d-ab3d-607ea38e9079 SQL Managed Instances should avoid using GRS backup redundancy SQL op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd280d4b-50a1-42fb-a479-ece5878acf19 Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc43e829-3d50-4a0a-aa0f-428d551862aa Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da3bfb53-9c46-4010-b3db-a7ba1296dada Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e5ef485-9e16-4c53-a475-fbb8107eac59 Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d3bf4251-0818-42db-950b-afd5b25a51c2 Microsoft Managed Control 1249 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf3b3293-667a-445e-a722-fa0b0afc0958 Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13 SQL Database should avoid using GRS backup redundancy SQL op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d03516cf-0293-489f-9b32-a18f2a79f836 Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9172e76-7f56-46e9-93bf-75d69bdb5491 Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01f7726b-db54-45c2-bcb5-9bd7a43796ee Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0afce0b3-dd9f-42bb-af28-1e4284ba8311 Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ca9a4469-d6df-4ab2-a42f-1213c396f0ec Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
19b9439d-865d-4474-b17d-97d2702fdb66 Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
232ab24b-810b-4640-9019-74a7d0d6a980 Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
23f6e984-3053-4dfc-ab48-543b764781f5 Microsoft Managed Control 1268 - Alternate Storage Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2aee175f-cd16-4825-939a-a85349d96210 Microsoft Managed Control 1274 - Alternate Processing Site Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34042a97-ec6d-4263-93d2-8c1c46823b2a Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b958b241-4245-4bd6-bd2d-b8f0779fb543 Microsoft Managed Control 1257 - Contingency Training Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4f9b47a-2116-4e6f-88db-4edbf22753f1 Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8de614d8-a8b7-4f70-a62a-6d37089a002c Microsoft Managed Control 1250 - Contingency Plan Regulatory Compliance op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d03516cf-0293-489f-9b32-a18f2a79f836 Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6a13a8f8-c163-4b1b-8554-d63569dab937 Microsoft Managed Control 1244 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42254fc4-2738-4128-9613-72aaa4f0d9c3 Microsoft Managed Control 1260 - Contingency Training | Simulated Events Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a328fd72-8ff5-4f96-8c9c-b30ed95db4ab Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8015d6ed-3641-4534-8d0b-5c67b67ff7de [Preview]: Configure Recovery Services vaults to use private endpoints for backup Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4d479a11-f2b5-4f0a-bb1e-d2332aa95cda [Preview]: Disable Cross Subscription Restore for Backup Vaults Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2514263b-bc0d-4b06-ac3e-f262c0979018 [Preview]: Immutability must be enabled for backup vaults Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05938e10-cdbd-4a54-9b2b-1cbcfc141ad0 Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
09ce66bc-1220-4153-8104-e3f51c936913 Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fa108498-b3a8-4ffb-9e79-1107e76afad3 Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f3793f5e-937f-44f7-bfba-40647ef3efa0 Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e77fcbf2-a1e8-44f1-860e-ed6583761e65 Microsoft Managed Control 1273 - Alternate Processing Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e57b98a0-a011-4956-a79d-5d17ed8b8e48 Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e214e563-1206-4a43-a56b-ac5880c9c571 Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
345fa903-145c-4fe1-8bcd-93ec2adccde8 Configure backup on virtual machines with a given tag to an existing recovery services vault in the same location Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49dbe627-2c1e-438c-979e-dd7a39bbf81d Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912 Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
23f6e984-3053-4dfc-ab48-543b764781f5 Microsoft Managed Control 1268 - Alternate Storage Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34042a97-ec6d-4263-93d2-8c1c46823b2a Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
958dbd4e-0e20-4385-a082-d3f20c2a6ad8 [Preview]: Configure blob backup for all storage accounts that do not contain a given tag to a backup vault in the same region Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
615b01c4-d565-4f6f-8c6e-d130268e3a1a [Preview]: Configure backup for blobs on storage accounts with a given tag to an existing backup vault in the same region Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6f6f560-14b7-49a4-9fc8-d2c3a9807868 [Preview]: Immutability must be enabled for Recovery Services vaults Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
232ab24b-810b-4640-9019-74a7d0d6a980 Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af783da1-4ad1-42be-800d-d19c70038820 [Preview]: Configure Recovery Services vaults to use private DNS zones for backup Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
19b9439d-865d-4474-b17d-97d2702fdb66 Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0afce0b3-dd9f-42bb-af28-1e4284ba8311 Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01f7726b-db54-45c2-bcb5-9bd7a43796ee Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9798d31d-6028-4dee-8643-46102185c016 [Preview]: Soft delete should be enabled for Backup Vaults Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41472613-3b05-49f6-8fe8-525af113ce17 Microsoft Managed Control 1263 - Contingency Plan Testing Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a724864-956a-496c-b778-637cb1d762cf Microsoft Managed Control 1289 - Information System Backup Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
819dc6da-289d-476e-8500-7e341ef8677d Microsoft Managed Control 1287 - Information System Backup Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d9e18f7-bad9-4d30-8806-a0c9d5e26208 Microsoft Managed Control 1259 - Contingency Training Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c954fcf-6dd8-81f1-41b5-832ae5c62caf Incorporate simulated contingency training Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
942b3e97-6ae3-410e-a794-c9c999b97c0b Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
93fd8af1-c161-4bae-9ba9-f62731f76439 Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e5ef485-9e16-4c53-a475-fbb8107eac59 Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8de614d8-a8b7-4f70-a62a-6d37089a002c Microsoft Managed Control 1250 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8dc459b3-0e77-45af-8d71-cfd8c9654fe2 Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
831e510e-db41-4c72-888e-a0621ab62265 Microsoft Managed Control 1262 - Contingency Plan Testing Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0 Microsoft Managed Control 1279 - Telecommunications Services Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7814506c-382c-4d33-a142-249dd4a0dbff Microsoft Managed Control 1258 - Contingency Training Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
704e136a-4fe0-427c-b829-cd69957f5d2b Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65aeceb5-a59c-4cb1-8d82-9c474be5d431 Microsoft Managed Control 1261 - Contingency Plan Testing Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5e2b3730-8c14-4081-8893-19dbb5de7348 Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53c76a39-2097-408a-b237-b279f7b4614d Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50fc602d-d8e0-444b-a039-ad138ee5deb0 Microsoft Managed Control 1248 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e97ba1d-be5d-4953-8da4-0cccf28f4805 Microsoft Managed Control 1267 - Alternate Storage Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e666db5-b2ef-4b06-aac6-09bfce49151b Microsoft Managed Control 1247 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a0e45314-57b8-4623-80cd-bbb561f59516 Microsoft Managed Control 1245 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a18adb5b-1db6-4a5b-901a-7d3797d12972 Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a895fbdb-204d-4302-9689-0a59dc42b3d9 Microsoft Managed Control 1295 - Information System Recovery And Reconstitution Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83644c87-93dd-49fe-bf9f-6aff8fd0834e Configure backup on virtual machines with a given tag to a new recovery services vault with a default policy Backup op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
87f7cd82-2e45-4d0f-9e2f-586b0962d142 Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f Microsoft Managed Control 1288 - Information System Backup Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92f85ce9-17b7-49ea-85ee-ea7271ea6b82 Microsoft Managed Control 1290 - Information System Backup Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd280d4b-50a1-42fb-a479-ece5878acf19 Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc43e829-3d50-4a0a-aa0f-428d551862aa Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9934fd7-29f2-4e6d-ab3d-607ea38e9079 SQL Managed Instances should avoid using GRS backup redundancy SQL op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13 SQL Database should avoid using GRS backup redundancy SQL op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da3bfb53-9c46-4010-b3db-a7ba1296dada Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d3bf4251-0818-42db-950b-afd5b25a51c2 Microsoft Managed Control 1249 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf3b3293-667a-445e-a722-fa0b0afc0958 Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ca9a4469-d6df-4ab2-a42f-1213c396f0ec Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba99d512-3baa-1c38-8b0b-ae16bbd34274 Test contingency plan at an alternate processing location Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b958b241-4245-4bd6-bd2d-b8f0779fb543 Microsoft Managed Control 1257 - Contingency Training Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4f9b47a-2116-4e6f-88db-4edbf22753f1 Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8 Microsoft Managed Control 1272 - Alternate Processing Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9172e76-7f56-46e9-93bf-75d69bdb5491 Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a23d9d53-ad2e-45ef-afd5-e6d10900a737 Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2aee175f-cd16-4825-939a-a85349d96210 Microsoft Managed Control 1274 - Alternate Processing Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b4a3eb2-c25d-40bf-ad41-5094b6f59cee Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398eb61e-8111-40d5-a0c9-003df28f1753 Microsoft Managed Control 1246 - Contingency Plan Regulatory Compliance op.cont.4 Alternative means op.cont.4 Alternative means 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b78f5e-4877-4303-b0f4-eb6583f25768 Microsoft Managed Control 1227 - Information System Component Inventory | Automated Unauthorized Component Detection Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03752212-103c-4ab8-a306-7e813022ca9d Microsoft Managed Control 1229 - Information System Component Inventory | No Duplicate Accounting Of Components Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a Microsoft Managed Control 1223 - Information System Component Inventory Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
09a1f130-7697-42bc-8d84-8a9ea17e5187 [Preview]: Configure Linux Arc-enabled machines to install AMA for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a2119c1-f068-4bfe-9f03-db94317e8db9 Microsoft Managed Control 1855 - Inventory of Personally Identifiable Information Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fb39e62f-6bda-4558-8088-ec03d5670914 Microsoft Managed Control 1222 - Information System Component Inventory Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef9fe2ce-a588-4edd-829c-6247069dcfdb [Preview]: Configure Windows Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c158eb1c-ae7e-4081-8057-d527140c4e0c Microsoft Managed Control 1226 - Information System Component Inventory | Automated Unauthorized Component Detection Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
09a1f130-7697-42bc-8d84-8a9ea17e5192 [Preview]: Configure Linux Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b73e81f3-6303-48ad-9822-b69fc00c15ef [Preview]: Configure Linux VMSS to install AMA for ChangeTracking and Inventory with user-assigned managed identity ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b6faa975-0add-4f35-8d1c-70bba45c4424 [Preview]: Configure Windows Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ad1eeff9-20d7-4c82-a04e-903acab0bfc1 [Preview]: Configure Windows VMs to install AMA for ChangeTracking and Inventory with user-assigned managed identity ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a7acfae7-9497-4a3f-a3b5-a16a50abbe2f [Preview]: Configure Windows Arc-enabled machines to install AMA for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
952a545c-6dc5-4999-aeb6-51ed27dc7ea5 Microsoft Managed Control 1854 - Inventory of Personally Identifiable Information Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bef2d677-e829-492d-9a3d-f5a20fda818f [Preview]: Configure Linux Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d096fe0-f510-4486-8b4d-d17dc230980b Microsoft Managed Control 1225 - Information System Component Inventory | Automated Maintenance Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
74520428-3aa8-449c-938d-93f51940759e Microsoft Managed Control 1739 - Information System Inventory Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
56d0ed2b-60fc-44bf-af81-a78c851b5fe1 [Preview]: Configure Linux VMs to install AMA for ChangeTracking and Inventory with user-assigned managed identity ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4485d24b-a9d3-4206-b691-1fad83bc5007 [Preview]: Configure Windows VMSS to install AMA for ChangeTracking and Inventory with user-assigned managed identity ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39c54140-5902-4079-8bb5-ad31936fe764 Microsoft Managed Control 1228 - Information System Component Inventory | Accountability Information Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28cfa30b-7f72-47ce-ba3b-eed26c8d2c82 Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals Regulatory Compliance op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1142b015-2bd7-41e0-8645-a531afe09a1e [Preview]: Configure Linux VMSS to be associated with a Data Collection Rule for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8fd85785-1547-4a4a-bf90-d5483c9571c5 [Preview]: Configure Windows VMSS to be associated with a Data Collection Rule for ChangeTracking and Inventory ChangeTrackingAndInventory op.exp.1 Asset inventory op.exp.1 Asset inventory 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
587c79fe-dd04-4a5e-9d0b-f89598c7261b Keys should be backed by a hardware security module (HSM) Key Vault op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f86aa129-7c07-4aa4-bbf5-792d93ffd9ea Microsoft Managed Control 1345 - Cryptographic Module Authentication Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f0e5abd0-2554-4736-b7c0-4ffef23475ef Queue Storage should use customer-managed key for encryption Storage op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d39d4f68-7346-4133-8841-15318a714a24 Microsoft Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic Or Alternate Physical Protection Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b6747bf9-2b97-45b8-b162-3c8becb9937d Microsoft Managed Control 1419 - Remote Maintenance | Cryptographic Protection Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d478a74-21ba-4b9f-9d8f-8e6fced0eec5 [Preview]: Azure Key Vault Managed HSM keys should have an expiration date Key Vault op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a7211477-c970-446b-b4af-062f37461147 Microsoft Managed Control 1644 - Cryptographic Key Establishment And Management | Availability Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a2cdf6b8-9505-4619-b579-309ba72037ac Microsoft Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
90b60a09-133d-45bc-86ef-b206a6134bbe Microsoft Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c322315-e26d-4174-a99e-f49d351b4688 Table Storage should use customer-managed key for encryption Storage op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6d8d492c-dd7a-46f7-a723-fa66a425b87c Microsoft Managed Control 1643 - Cryptographic Key Establishment And Management Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbd0baf-ff1a-4447-a86f-088a97347c0c Microsoft Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric Keys Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms Regulatory Compliance op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
766e621d-ba95-4e43-a6f2-e945db3d7888 Setup subscriptions to transition to an alternative vulnerability assessment solution Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ce0167-8ca6-4048-8e6b-f996402e3c1b Configure machines to receive a vulnerability assessment provider Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae7e1f5e-2d63-4b38-91ef-bce14151cce3 Microsoft Managed Control 1598 - Developer Configuration Management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d79001f-95fe-45d0-8736-f217e78c1f57 Microsoft Managed Control 1233 - Configuration Management Plan Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d87c70b-5012-48e9-994b-e70dd4b8def0 Microsoft Managed Control 1713 - Software & Information Integrity | Integrity Checks Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e80b6812-0bfa-4383-8223-cdd86a46a890 Microsoft Managed Control 1237 - Software Usage Restrictions | Open Source Software Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e54c325e-42a0-4dcf-b105-046e0f6f590f Microsoft Managed Control 1716 - Software & Information Integrity | Integration Of Detection And Response Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e12494fa-b81e-4080-af71-7dbacc2da0ec Microsoft Managed Control 1714 - Software & Information Integrity | Automated Notifications Of Integrity Violations Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd469ae0-71a8-4adc-aafc-de6949ca3339 Microsoft Managed Control 1715 - Software & Information Integrity | Automated Response To Integrity Violations Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c49c610b-ece4-44b3-988c-2172b70d6e46 Microsoft Managed Control 1235 - Software Usage Restrictions Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c40f31a7-81e1-4130-99e5-a02ceea2a1d6 Microsoft Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b293f881-361c-47ed-b997-bc4e2296bc0b Microsoft Managed Control 1234 - Software Usage Restrictions Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1 Microsoft Managed Control 1238 - User-Installed Software Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ba3ed84-c768-4e18-b87c-34ef1aff1b57 Microsoft Managed Control 1236 - Software Usage Restrictions Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef Microsoft Managed Control 1717 - Software & Information Integrity | Binary Or Machine Executable Code Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
44e543aa-41db-42aa-98eb-8a5eb1db53f0 Microsoft Managed Control 1712 - Software & Information Integrity Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2a39ac75-622b-4c88-9a3f-45b7373f7ef7 Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
22589a07-0007-486a-86ca-95355081ae2a Microsoft Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
129eb39f-d79a-4503-84cd-92f036b5e429 Microsoft Managed Control 1240 - User-Installed Software Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0dced7ab-9ce5-4137-93aa-14c13e06ab17 Microsoft Managed Control 1718 - Software & Information Integrity | Binary Or Machine Executable Code Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0be51298-f643-4556-88af-d7db90794879 Microsoft Managed Control 1239 - User-Installed Software Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d7d66d05-bf34-4555-b5f2-8b749def4098 Microsoft Managed Control 1837 - Data Retention And Disposal | System Configuration Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bef3414-50bc-4fc0-b3db-372bb8fe0796 Microsoft Managed Control 1836 - Data Retention And Disposal Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
56a838e0-0a5d-49a8-ab74-bf6be81b32f5 Microsoft Managed Control 1835 - Data Retention And Disposal Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12a4a4dd-6c65-4900-9d7e-63fed5da791e Microsoft Managed Control 1834 - Data Retention And Disposal Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10984b4e-c93e-48d7-bf20-9c03b04e9eca Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2ce1ea7e-4038-4e53-82f4-63e8859333c1 Microsoft Managed Control 1546 - Vulnerability Scanning Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36fbe499-f2f2-41b6-880e-52d7ea1d94a5 Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
391ff8b3-afed-405e-9f7d-ef2f8168d5da Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3afe6c78-6124-4d95-b85c-eb8c0c9539cb Microsoft Managed Control 1548 - Vulnerability Scanning Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43684572-e4f1-4642-af35-6b933bc506da Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Microsoft Managed Control 1547 - Vulnerability Scanning Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5afa8cab-1ed7-4e40-884c-64e0ac2059cc Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bbda922-0172-4095-89e6-5b4a0bf03af7 Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65592b16-4367-42c5-a26e-d371be450e17 Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6dab4254-c30d-4bb7-ae99-1d21586c063c Microsoft Managed Control 1175 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68b250ec-2e4f-4eee-898a-117a9fda7016 Microsoft Managed Control 1597 - Developer Configuration Management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
396ba986-eac1-4d6d-85c4-d3fda6b78272 Microsoft Managed Control 1232 - Configuration Management Plan Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
244e0c05-cc45-4fe7-bf36-42dcf01f457d Microsoft Managed Control 1231 - Configuration Management Plan Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
21e25e01-0ae0-41be-919e-04ce92b8e8b8 Microsoft Managed Control 1596 - Developer Configuration Management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e0414e7-6ef5-4182-8076-aa82fbb53341 Microsoft Managed Control 1595 - Developer Configuration Management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11158848-f679-4e9b-aa7b-9fb07d945071 Microsoft Managed Control 1230 - Configuration Management Plan Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
042ba2a1-8bb8-45f4-b080-c78cf62b90e9 Microsoft Managed Control 1594 - Developer Configuration Management Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0004bbf0-5099-4179-869e-e9ffe5fb0945 Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6976a08-d969-4df2-bb38-29556c2eb48a Microsoft Managed Control 1549 - Vulnerability Scanning Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
902908fb-25a8-4225-a3a5-5603c80066c9 Microsoft Managed Control 1550 - Vulnerability Scanning Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42a9a714-8fbb-43ac-b115-ea12d2bd652f Microsoft Managed Control 1174 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eca4d7b2-65e2-4e04-95d4-c68606b063c3 Microsoft Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations Regulatory Compliance op.exp.2 Security configuration op.exp.2 Security configuration 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eca4d7b2-65e2-4e04-95d4-c68606b063c3 Microsoft Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
819dc6da-289d-476e-8500-7e341ef8677d Microsoft Managed Control 1287 - Information System Backup Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a724864-956a-496c-b778-637cb1d762cf Microsoft Managed Control 1289 - Information System Backup Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912 Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49dbe627-2c1e-438c-979e-dd7a39bbf81d Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
345fa903-145c-4fe1-8bcd-93ec2adccde8 Configure backup on virtual machines with a given tag to an existing recovery services vault in the same location Backup op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
09ce66bc-1220-4153-8104-e3f51c936913 Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location Backup op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05938e10-cdbd-4a54-9b2b-1cbcfc141ad0 Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e80b6812-0bfa-4383-8223-cdd86a46a890 Microsoft Managed Control 1237 - Software Usage Restrictions | Open Source Software Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e54c325e-42a0-4dcf-b105-046e0f6f590f Microsoft Managed Control 1716 - Software & Information Integrity | Integration Of Detection And Response Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e12494fa-b81e-4080-af71-7dbacc2da0ec Microsoft Managed Control 1714 - Software & Information Integrity | Automated Notifications Of Integrity Violations Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd469ae0-71a8-4adc-aafc-de6949ca3339 Microsoft Managed Control 1715 - Software & Information Integrity | Automated Response To Integrity Violations Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c49c610b-ece4-44b3-988c-2172b70d6e46 Microsoft Managed Control 1235 - Software Usage Restrictions Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c40f31a7-81e1-4130-99e5-a02ceea2a1d6 Microsoft Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b293f881-361c-47ed-b997-bc4e2296bc0b Microsoft Managed Control 1234 - Software Usage Restrictions Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1 Microsoft Managed Control 1238 - User-Installed Software Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ba3ed84-c768-4e18-b87c-34ef1aff1b57 Microsoft Managed Control 1236 - Software Usage Restrictions Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Microsoft Managed Control 1547 - Vulnerability Scanning Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83644c87-93dd-49fe-bf9f-6aff8fd0834e Configure backup on virtual machines with a given tag to a new recovery services vault with a default policy Backup op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
87f7cd82-2e45-4d0f-9e2f-586b0962d142 Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef Microsoft Managed Control 1717 - Software & Information Integrity | Binary Or Machine Executable Code Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ee5975d-2507-5530-a20a-83a725889c6f Restrict unauthorized software and firmware installation Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae7e1f5e-2d63-4b38-91ef-bce14151cce3 Microsoft Managed Control 1598 - Developer Configuration Management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d79001f-95fe-45d0-8736-f217e78c1f57 Microsoft Managed Control 1233 - Configuration Management Plan Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6dab4254-c30d-4bb7-ae99-1d21586c063c Microsoft Managed Control 1175 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68b250ec-2e4f-4eee-898a-117a9fda7016 Microsoft Managed Control 1597 - Developer Configuration Management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42a9a714-8fbb-43ac-b115-ea12d2bd652f Microsoft Managed Control 1174 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
396ba986-eac1-4d6d-85c4-d3fda6b78272 Microsoft Managed Control 1232 - Configuration Management Plan Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
244e0c05-cc45-4fe7-bf36-42dcf01f457d Microsoft Managed Control 1231 - Configuration Management Plan Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
21e25e01-0ae0-41be-919e-04ce92b8e8b8 Microsoft Managed Control 1596 - Developer Configuration Management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e0414e7-6ef5-4182-8076-aa82fbb53341 Microsoft Managed Control 1595 - Developer Configuration Management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11158848-f679-4e9b-aa7b-9fb07d945071 Microsoft Managed Control 1230 - Configuration Management Plan Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
042ba2a1-8bb8-45f4-b080-c78cf62b90e9 Microsoft Managed Control 1594 - Developer Configuration Management Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0004bbf0-5099-4179-869e-e9ffe5fb0945 Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10984b4e-c93e-48d7-bf20-9c03b04e9eca Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2ce1ea7e-4038-4e53-82f4-63e8859333c1 Microsoft Managed Control 1546 - Vulnerability Scanning Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36fbe499-f2f2-41b6-880e-52d7ea1d94a5 Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
391ff8b3-afed-405e-9f7d-ef2f8168d5da Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3afe6c78-6124-4d95-b85c-eb8c0c9539cb Microsoft Managed Control 1548 - Vulnerability Scanning Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6976a08-d969-4df2-bb38-29556c2eb48a Microsoft Managed Control 1549 - Vulnerability Scanning Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
902908fb-25a8-4225-a3a5-5603c80066c9 Microsoft Managed Control 1550 - Vulnerability Scanning Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65592b16-4367-42c5-a26e-d371be450e17 Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bbda922-0172-4095-89e6-5b4a0bf03af7 Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5afa8cab-1ed7-4e40-884c-64e0ac2059cc Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68d2e478-3b19-23eb-1357-31b296547457 Enforce software execution privileges Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
44e543aa-41db-42aa-98eb-8a5eb1db53f0 Microsoft Managed Control 1712 - Software & Information Integrity Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2a39ac75-622b-4c88-9a3f-45b7373f7ef7 Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
22589a07-0007-486a-86ca-95355081ae2a Microsoft Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
129eb39f-d79a-4503-84cd-92f036b5e429 Microsoft Managed Control 1240 - User-Installed Software Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0dced7ab-9ce5-4137-93aa-14c13e06ab17 Microsoft Managed Control 1718 - Software & Information Integrity | Binary Or Machine Executable Code Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d87c70b-5012-48e9-994b-e70dd4b8def0 Microsoft Managed Control 1713 - Software & Information Integrity | Integrity Checks Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0be51298-f643-4556-88af-d7db90794879 Microsoft Managed Control 1239 - User-Installed Software Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
08c11b48-8745-034d-1c1b-a144feec73b9 Restrict use of open source software Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d7d66d05-bf34-4555-b5f2-8b749def4098 Microsoft Managed Control 1837 - Data Retention And Disposal | System Configuration Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bef3414-50bc-4fc0-b3db-372bb8fe0796 Microsoft Managed Control 1836 - Data Retention And Disposal Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
56a838e0-0a5d-49a8-ab74-bf6be81b32f5 Microsoft Managed Control 1835 - Data Retention And Disposal Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12a4a4dd-6c65-4900-9d7e-63fed5da791e Microsoft Managed Control 1834 - Data Retention And Disposal Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
766e621d-ba95-4e43-a6f2-e945db3d7888 Setup subscriptions to transition to an alternative vulnerability assessment solution Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ce0167-8ca6-4048-8e6b-f996402e3c1b Configure machines to receive a vulnerability assessment provider Security Center op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f Microsoft Managed Control 1288 - Information System Backup Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43684572-e4f1-4642-af35-6b933bc506da Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92f85ce9-17b7-49ea-85ee-ea7271ea6b82 Microsoft Managed Control 1290 - Information System Backup Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a9934fd7-29f2-4e6d-ab3d-607ea38e9079 SQL Managed Instances should avoid using GRS backup redundancy SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13 SQL Database should avoid using GRS backup redundancy SQL op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d03516cf-0293-489f-9b32-a18f2a79f836 Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2ce1ea7e-4038-4e53-82f4-63e8859333c1 Microsoft Managed Control 1546 - Vulnerability Scanning Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36fbe499-f2f2-41b6-880e-52d7ea1d94a5 Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
391ff8b3-afed-405e-9f7d-ef2f8168d5da Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3afe6c78-6124-4d95-b85c-eb8c0c9539cb Microsoft Managed Control 1548 - Vulnerability Scanning Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43684572-e4f1-4642-af35-6b933bc506da Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Microsoft Managed Control 1547 - Vulnerability Scanning Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5afa8cab-1ed7-4e40-884c-64e0ac2059cc Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bbda922-0172-4095-89e6-5b4a0bf03af7 Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65592b16-4367-42c5-a26e-d371be450e17 Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10984b4e-c93e-48d7-bf20-9c03b04e9eca Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6976a08-d969-4df2-bb38-29556c2eb48a Microsoft Managed Control 1549 - Vulnerability Scanning Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0004bbf0-5099-4179-869e-e9ffe5fb0945 Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
042ba2a1-8bb8-45f4-b080-c78cf62b90e9 Microsoft Managed Control 1594 - Developer Configuration Management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
902908fb-25a8-4225-a3a5-5603c80066c9 Microsoft Managed Control 1550 - Vulnerability Scanning Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11158848-f679-4e9b-aa7b-9fb07d945071 Microsoft Managed Control 1230 - Configuration Management Plan Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e0414e7-6ef5-4182-8076-aa82fbb53341 Microsoft Managed Control 1595 - Developer Configuration Management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
244e0c05-cc45-4fe7-bf36-42dcf01f457d Microsoft Managed Control 1231 - Configuration Management Plan Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae7e1f5e-2d63-4b38-91ef-bce14151cce3 Microsoft Managed Control 1598 - Developer Configuration Management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ce0167-8ca6-4048-8e6b-f996402e3c1b Configure machines to receive a vulnerability assessment provider Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
766e621d-ba95-4e43-a6f2-e945db3d7888 Setup subscriptions to transition to an alternative vulnerability assessment solution Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
74041cfe-3f87-1d17-79ec-34ca5f895542 Produce complete records of remote maintenance activities Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8587fce-138f-86e8-33a3-c60768bf1da6 Automate remote maintenance activities Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb598832-4bcc-658d-4381-3ecbe17b9866 Provide timely maintenance support Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
21e25e01-0ae0-41be-919e-04ce92b8e8b8 Microsoft Managed Control 1596 - Developer Configuration Management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d79001f-95fe-45d0-8736-f217e78c1f57 Microsoft Managed Control 1233 - Configuration Management Plan Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
396ba986-eac1-4d6d-85c4-d3fda6b78272 Microsoft Managed Control 1232 - Configuration Management Plan Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6dab4254-c30d-4bb7-ae99-1d21586c063c Microsoft Managed Control 1175 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68b250ec-2e4f-4eee-898a-117a9fda7016 Microsoft Managed Control 1597 - Developer Configuration Management Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42a9a714-8fbb-43ac-b115-ea12d2bd652f Microsoft Managed Control 1174 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68b250ec-2e4f-4eee-898a-117a9fda7016 Microsoft Managed Control 1597 - Developer Configuration Management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42a9a714-8fbb-43ac-b115-ea12d2bd652f Microsoft Managed Control 1174 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0004bbf0-5099-4179-869e-e9ffe5fb0945 Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
396ba986-eac1-4d6d-85c4-d3fda6b78272 Microsoft Managed Control 1232 - Configuration Management Plan Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6976a08-d969-4df2-bb38-29556c2eb48a Microsoft Managed Control 1549 - Vulnerability Scanning Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6dab4254-c30d-4bb7-ae99-1d21586c063c Microsoft Managed Control 1175 - Configuration Management Policy And Procedures Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d79001f-95fe-45d0-8736-f217e78c1f57 Microsoft Managed Control 1233 - Configuration Management Plan Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11158848-f679-4e9b-aa7b-9fb07d945071 Microsoft Managed Control 1230 - Configuration Management Plan Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae7e1f5e-2d63-4b38-91ef-bce14151cce3 Microsoft Managed Control 1598 - Developer Configuration Management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ce0167-8ca6-4048-8e6b-f996402e3c1b Configure machines to receive a vulnerability assessment provider Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
042ba2a1-8bb8-45f4-b080-c78cf62b90e9 Microsoft Managed Control 1594 - Developer Configuration Management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
766e621d-ba95-4e43-a6f2-e945db3d7888 Setup subscriptions to transition to an alternative vulnerability assessment solution Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e0414e7-6ef5-4182-8076-aa82fbb53341 Microsoft Managed Control 1595 - Developer Configuration Management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65592b16-4367-42c5-a26e-d371be450e17 Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bbda922-0172-4095-89e6-5b4a0bf03af7 Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3afe6c78-6124-4d95-b85c-eb8c0c9539cb Microsoft Managed Control 1548 - Vulnerability Scanning Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43684572-e4f1-4642-af35-6b933bc506da Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
21e25e01-0ae0-41be-919e-04ce92b8e8b8 Microsoft Managed Control 1596 - Developer Configuration Management Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36fbe499-f2f2-41b6-880e-52d7ea1d94a5 Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
391ff8b3-afed-405e-9f7d-ef2f8168d5da Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
244e0c05-cc45-4fe7-bf36-42dcf01f457d Microsoft Managed Control 1231 - Configuration Management Plan Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Microsoft Managed Control 1547 - Vulnerability Scanning Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5afa8cab-1ed7-4e40-884c-64e0ac2059cc Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10984b4e-c93e-48d7-bf20-9c03b04e9eca Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2ce1ea7e-4038-4e53-82f4-63e8859333c1 Microsoft Managed Control 1546 - Vulnerability Scanning Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
902908fb-25a8-4225-a3a5-5603c80066c9 Microsoft Managed Control 1550 - Vulnerability Scanning Regulatory Compliance op.exp.5 Change management op.exp.5 Change management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2227e1f1-23dd-4c3a-85a9-7024a401d8b2 Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL user-defined DCR Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
242300d6-1bfc-4d64-8d01-cee583709ebd Configure the Microsoft Defender for SQL Log Analytics workspace Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ac076320-ddcf-4066-b451-6154267e8ad2 Enable Microsoft Defender for Cloud on your subscription Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
361c2074-3595-4e5d-8cab-4f21dffc835c Deploy Defender for Storage (Classic) on storage accounts Storage op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
951c1558-50a5-4ca3-abb6-a93e3e2367a6 Configure Microsoft Defender for SQL to be enabled on Synapse workspaces Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e86a5b6-b9bd-49d1-8e21-4bb8a0862222 Configure Azure Defender for servers to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1f725891-01c0-420a-9059-4fa46cb770b7 Configure Microsoft Defender for Key Vault plan Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e378679-f122-4a96-a739-a7729c46e1aa Cloud Services (extended support) role instances should have an endpoint protection solution installed Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
74c30959-af11-47b3-9ed2-a26e03f427a3 Configure Microsoft Defender for Storage (Classic) to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bf5b87-728b-4a74-ba4d-6123845cf542 Configure Microsoft Defender for Azure Cosmos DB to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17bc14a7-92e1-4551-8b8c-80f36953e166 Configure basic Microsoft Defender for Storage to be enabled (Activity Monitoring only) Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04754ef9-9ae3-4477-bf17-86ef50026304 Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af9f6c70-eb74-4189-8d15-e4f11a7ebfd4 Deploy export to Event Hub as a trusted service for Microsoft Defender for Cloud data Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d Configure Azure Defender for App Service to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2 Endpoint protection health issues should be resolved on your machines Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
44433aa3-7ec2-4002-93ea-65c65ff0310a Configure Azure Defender for open-source relational databases to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
689f7782-ef2c-4270-a6d0-7664869076bd Configure Microsoft Defender CSPM to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd Configure Azure Defender to be enabled on SQL managed instances SQL op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1f7c564c-0a90-4d44-b7e1-9d456cffaee8 Endpoint protection should be installed on your machines Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
da0fd392-9669-4ad4-b32c-ca46aaa6c21f Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a Log Analytics workspace Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c859b78a-a128-4376-a838-e97ce6625d16 Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a Log Analytics workspace Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c9ddb292-b203-4738-aead-18e2716e858f Configure Microsoft Defender for Containers to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbdd12e1-193a-445c-9926-560118c6daaa Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL DCR Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cfdc5972-75b3-4418-8ae1-7f5c36839390 Configure Microsoft Defender for Storage to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65503269-6a54-4553-8a28-0065a8e6d929 Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
64def556-fbad-4622-930e-72d1d5589bf5 Configure Azure Kubernetes Service clusters to enable Defender profile Kubernetes op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d96163de-dbe0-45ac-b803-0e9ca0f5764e Windows machines should configure Windows Defender to update protection signatures within one day Guest Configuration op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b3248a42-b1c1-41a4-87bc-8bad3d845589 Windows machines should enable Windows Defender Real-time protection Guest Configuration op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ce0167-8ca6-4048-8e6b-f996402e3c1b Configure machines to receive a vulnerability assessment provider Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
63d03cbd-47fd-4ee1-8a1c-9ddf07303de0 Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b7021b2b-08fd-4dc0-9de7-3c6ece09faf9 Configure Azure Defender for Resource Manager to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b99b73e7-074b-4089-9395-b7236f094491 Configure Azure Defender for Azure SQL database to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b6ad009f-5c24-1dc0-a25e-74b60e4da45f Control maintenance and repair activities Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fb1cb0e-1936-6f32-42fd-89970b535855 Manage nonlocal maintenance and diagnostic activities Regulatory Compliance op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
766e621d-ba95-4e43-a6f2-e945db3d7888 Setup subscriptions to transition to an alternative vulnerability assessment solution Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50ea7265-7d8c-429e-9a7d-ca1f410191c3 Configure Azure Defender for SQL servers on machines to be enabled Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.exp.6 Protection against harmful code op.exp.6 Protection against harmful code 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ea3e8156-89a1-45b1-8bd6-938abc79fdfd Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3007185-3857-43a9-8237-06ca94f1084c Microsoft Managed Control 1387 - Information Spillage Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c785ad59-f78f-44ad-9a7f-d1202318c748 Microsoft Managed Control 1353 - Incident Response Training Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4213689-05e8-4241-9d4e-8dd1cdafd105 Microsoft Managed Control 1357 - Incident Response Training | Automated Training Environments Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fb845c34-808d-4c17-a0ce-85a530e9164b Microsoft Managed Control 1857 - Privacy Incident Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
effbaeef-5bf4-400d-895e-ef8cbc0e64c7 Microsoft Managed Control 1358 - Incident Response Testing Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5368258-9684-4567-8126-269f34e65eab Microsoft Managed Control 1381 - Incident Response Plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d4558451-e16a-4d2d-a066-fe12a6282bb9 Microsoft Managed Control 1383 - Incident Response Plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dd6ac1a1-660e-4810-baa8-74e868e2ed47 Microsoft Managed Control 1391 - Information Spillage Response | Training Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cc5c8616-52ef-4e5e-8000-491634ed9249 Microsoft Managed Control 1374 - Incident Response Assistance Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2c7c575a-d4c5-4f6f-bd49-dee97a8cba55 Microsoft Managed Control 1388 - Information Spillage Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
86dc819f-15e1-43f9-a271-41ae58d4cecc Microsoft Managed Control 1392 - Information Spillage Response | Post-Spill Operations Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
841392b3-40da-4473-b328-4cde49db67b3 Microsoft Managed Control 1382 - Incident Response Plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79fbc228-461c-4a45-9004-a865ca0728a7 Microsoft Managed Control 1384 - Information Spillage Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
731856d8-1598-4b75-92de-7d46235747c0 Microsoft Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized Personnel Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68434bd1-e14b-4031-9edb-a4adf5f84a67 Microsoft Managed Control 1377 - Incident Response Assistance | Coordination With External Providers Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5d169442-d6ef-439b-8dca-46c2c3248214 Microsoft Managed Control 1362 - Incident Handling Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518cb545-bfa8-43f8-a108-3b7d5037469a Microsoft Managed Control 1352 - Incident Response Policy And Procedures Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5120193e-91fd-4f9d-bc6d-194f94734065 Microsoft Managed Control 1386 - Information Spillage Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4cca950f-c3b7-492a-8e8f-ea39663c14f9 Microsoft Managed Control 1373 - Incident Reporting | Automated Reporting Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c615c2a-dc83-4dda-8220-abce7b50c9bc Microsoft Managed Control 1364 - Incident Handling | Dynamic Reconfiguration Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
493a95f3-f2e3-47d0-af02-65e6d6decc2f Microsoft Managed Control 1376 - Incident Response Assistance | Coordination With External Providers Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
47bc7ea0-7d13-4f7c-a154-b903f7194253 Microsoft Managed Control 1359 - Incident Response Testing | Coordination With Related Plans Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
465f32da-0ace-4603-8d1b-7be5a3a702de Microsoft Managed Control 1368 - Incident Handling | Correlation With External Organizations Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
435b2547-6374-4f87-b42d-6e8dbe6ae62a Microsoft Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4116891d-72f7-46ee-911c-8056cc8dcbd5 Microsoft Managed Control 1365 - Incident Handling | Continuity Of Operations Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c3b65b63-09ec-4cb5-8028-7dd324d10eb0 Microsoft Managed Control 1390 - Information Spillage Response | Responsible Personnel Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be5b05e7-0b82-4ebc-9eda-25e447b1a41e Microsoft Managed Control 1360 - Incident Handling Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9fd92c17-163a-4511-bb96-bbb476449796 Microsoft Managed Control 1354 - Incident Response Training Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98e33927-8d7f-6d5f-44f5-2469b40b7215 Implement Incident handling capability Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
97fceb70-6983-42d0-9331-18ad8253184d Microsoft Managed Control 1378 - Incident Response Plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9447f354-2c85-4700-93b3-ecdc6cb6a417 Microsoft Managed Control 1371 - Incident Reporting Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9442dd2c-a07f-46cd-b55a-553b66ba47ca Microsoft Managed Control 1379 - Incident Response Plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
924e1b2d-c502-478f-bfdb-a7e09a0d5c01 Microsoft Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection / Analysis Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
90e01f69-3074-4de8-ade7-0fef3e7d83e0 Microsoft Managed Control 1355 - Incident Response Training Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8829f8f5-e8be-441e-85c9-85b72a5d0ef3 Microsoft Managed Control 1356 - Incident Response Training | Simulated Events Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4319b7e-ea8d-42ff-8a67-ccd462972827 Microsoft Managed Control 1380 - Incident Response Plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bcfb6683-05e5-4ce6-9723-c3fbe9896bdd Microsoft Managed Control 1351 - Incident Response Policy And Procedures Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c39e6fda-ae70-4891-a739-be7bba6d1062 Microsoft Managed Control 1389 - Information Spillage Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3e495e65-8663-49ca-9b38-9f45e800bc58 Microsoft Managed Control 1385 - Information Spillage Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2d5600ed-575a-4723-9ff4-52d694be0a59 Microsoft Managed Control 1856 - Privacy Incident Response Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
00379355-8932-4b52-b63a-3bc6daf3451a Microsoft Managed Control 1375 - Incident Response Assistance | Automation Support For Availability Of Information / Support Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
56fb5173-3865-5a5d-5fad-ae33e53e1577 Address information security issues Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
05a32666-d134-4842-a8cb-5c299f4bc099 Microsoft Managed Control 1728 - Incident Handling Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06c45c30-ae44-4f0f-82be-41331da911cc Microsoft Managed Control 1366 - Incident Handling | Information Correlation Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
18cc35ed-a429-486d-8d59-cb47e87304ed Microsoft Managed Control 1369 - Incident Monitoring Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03ed3be1-7276-4452-9a5d-e4168565ac67 Microsoft Managed Control 1361 - Incident Handling Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
25b96717-c912-4c00-9143-4e487f411726 Microsoft Managed Control 1372 - Incident Reporting Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance op.exp.7 Incident management op.exp.7 Incident management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ad1d562b-a04b-15d3-6770-ed310b601cb5 Publish rules and regulations accessing Privacy Act records Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a930f477-9dcb-2113-8aa7-45bb6fc90861 Review and update the events defined in AU-02 Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
529ea018-6afc-4ed4-95bd-7c9ee47b00bc Synapse workspaces with SQL auditing to storage account destination should be configured with 90 days retention or higher Synapse op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
214ea241-010d-8926-44cc-b90a96d52adc Compile Audit records into system wide audit Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2c723e8-a1a0-8e38-5cf1-f5a20ffe4f51 Publish access procedures in SORNs Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e Implement methods for consumer requests Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d639b3af-a535-4bef-8dcf-15078cddf5e2 App Service app slots should have resource logs enabled App Service op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee8a7be2-e9b5-47b9-9d37-d9b141ea78a4 Azure Web PubSub Service should enable diagnostic logs Web PubSub op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9f1f9a9-8795-49f9-9e7b-e11db14caeb2 Azure SignalR Service should enable diagnostic logs SignalR op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance op.exp.9 Incident management record op.exp.9 Incident management record 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance op.ext.1 Contracting and service level agreements op.ext.1 Contracting and service level agreements 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.ext.2 Daily management op.ext.2 Daily management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b73b7b3b-677c-4a2a-b949-ad4dc4acd89f Microsoft Managed Control 1608 - Supply Chain Protection Regulatory Compliance op.ext.3 Protection of supply chain op.ext.3 Protection of supply chain 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance op.ext.3 Protection of supply chain op.ext.3 Protection of supply chain 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92a7591f-73b3-1173-a09c-a08882d84c70 Identify actions allowed without authentication Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66632c7c-d0b3-4945-a8ae-e5c62cbea386 Microsoft Managed Control 1829 - Data Integrity And Data Integrity Board | Publish Agreements on Website Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c3e4fa5d-c0c4-46c4-9a13-bb9b9f0b003f Microsoft Managed Control 1865 - System of Records Notices And Privacy Act Statements | Public Website Publication Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41256567-1795-4684-b00b-a1308ce43cac Microsoft Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance Equipment Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13fcf812-ec82-4eda-9b89-498de9efd620 Microsoft Managed Control 1695 - Information System Monitoring | Wireless Intrusion Detection Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a2567a23-d1c3-4783-99f3-d471302a4d6b Microsoft Managed Control 1690 - Information System Monitoring | System-Wide Intrusion Detection System Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cdcb825f-a0fb-31f9-29c1-ab566718499a Publish Computer Matching Agreements on public website Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance op.mon.1 Intrusion detection op.mon.1 Intrusion detection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance op.mon.2 Metrics system op.mon.2 Metrics system 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance op.mon.2 Metrics system op.mon.2 Metrics system 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.mon.2 Metrics system op.mon.2 Metrics system 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
391ff8b3-afed-405e-9f7d-ef2f8168d5da Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0004bbf0-5099-4179-869e-e9ffe5fb0945 Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36fbe499-f2f2-41b6-880e-52d7ea1d94a5 Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6976a08-d969-4df2-bb38-29556c2eb48a Microsoft Managed Control 1549 - Vulnerability Scanning Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
042ba2a1-8bb8-45f4-b080-c78cf62b90e9 Microsoft Managed Control 1594 - Developer Configuration Management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10984b4e-c93e-48d7-bf20-9c03b04e9eca Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2ce1ea7e-4038-4e53-82f4-63e8859333c1 Microsoft Managed Control 1546 - Vulnerability Scanning Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
902908fb-25a8-4225-a3a5-5603c80066c9 Microsoft Managed Control 1550 - Vulnerability Scanning Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65592b16-4367-42c5-a26e-d371be450e17 Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bbda922-0172-4095-89e6-5b4a0bf03af7 Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5afa8cab-1ed7-4e40-884c-64e0ac2059cc Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Microsoft Managed Control 1547 - Vulnerability Scanning Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43684572-e4f1-4642-af35-6b933bc506da Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3afe6c78-6124-4d95-b85c-eb8c0c9539cb Microsoft Managed Control 1548 - Vulnerability Scanning Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
11158848-f679-4e9b-aa7b-9fb07d945071 Microsoft Managed Control 1230 - Configuration Management Plan Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
21e25e01-0ae0-41be-919e-04ce92b8e8b8 Microsoft Managed Control 1596 - Developer Configuration Management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
68b250ec-2e4f-4eee-898a-117a9fda7016 Microsoft Managed Control 1597 - Developer Configuration Management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6dab4254-c30d-4bb7-ae99-1d21586c063c Microsoft Managed Control 1175 - Configuration Management Policy And Procedures Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9d79001f-95fe-45d0-8736-f217e78c1f57 Microsoft Managed Control 1233 - Configuration Management Plan Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae7e1f5e-2d63-4b38-91ef-bce14151cce3 Microsoft Managed Control 1598 - Developer Configuration Management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ce0167-8ca6-4048-8e6b-f996402e3c1b Configure machines to receive a vulnerability assessment provider Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42a9a714-8fbb-43ac-b115-ea12d2bd652f Microsoft Managed Control 1174 - Configuration Management Policy And Procedures Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e0414e7-6ef5-4182-8076-aa82fbb53341 Microsoft Managed Control 1595 - Developer Configuration Management Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
244e0c05-cc45-4fe7-bf36-42dcf01f457d Microsoft Managed Control 1231 - Configuration Management Plan Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
396ba986-eac1-4d6d-85c4-d3fda6b78272 Microsoft Managed Control 1232 - Configuration Management Plan Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
82bf5b87-728b-4a74-ba4d-6123845cf542 Configure Microsoft Defender for Azure Cosmos DB to be enabled Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
766e621d-ba95-4e43-a6f2-e945db3d7888 Setup subscriptions to transition to an alternative vulnerability assessment solution Security Center op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance op.mon.3 Monitoring op.mon.3 Monitoring 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a0c11ca4-5828-4384-a2f2-fd7444dd5b4d Cloud Services (extended support) role instances should be configured securely Security Center op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4df26ba8-026d-45b0-9521-bffa44d741d2 Cloud Services (extended support) role instances should have system updates installed Security Center op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
15fdbc87-8a47-4ee9-a2aa-9a2ea1f37554 Log Analytics agent should be installed on your Cloud Services (extended support) role instances Security Center op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e378679-f122-4a96-a739-a7729c46e1aa Cloud Services (extended support) role instances should have an endpoint protection solution installed Security Center op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance op.nub.1 Cloud service protection op.nub.1 Cloud service protection 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d2fc426a-4b67-464b-87c9-2134b8762ddf Microsoft Managed Control 1817 - Privacy-Enhanced System Design And Development Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
07458826-9325-4481-abaf-bc9ed043459d Microsoft Managed Control 1744 - Risk Management Strategy Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
902908fb-25a8-4225-a3a5-5603c80066c9 Microsoft Managed Control 1550 - Vulnerability Scanning Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
86ec7f9b-9478-40ff-8cfd-6a0d510081a8 Microsoft Managed Control 1589 - External Information System Services | Risk Assessments / Organizational Approvals Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7cb8a3d2-a208-4b6f-95e8-e8f0bb85a7a6 Microsoft Managed Control 1807 - Governance And Privacy Program Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70f6af82-7be6-44aa-9b15-8b9231b2e434 Microsoft Managed Control 1541 - Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6e40d9de-2ad4-4cb5-8945-23143326a502 Microsoft Managed Control 1536 - Risk Assessment Policy And Procedures Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
956b00aa-7977-4214-a0f5-e0428c1f9bff Microsoft Managed Control 1806 - Governance And Privacy Program Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bfe6405-805c-4c9b-a9d3-f209237bb95d Microsoft Managed Control 1802 - Governance And Privacy Program Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
689f7782-ef2c-4270-a6d0-7664869076bd Configure Microsoft Defender CSPM to be enabled Security Center op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66a56404-7b65-4e33-b371-28d069172dd4 Microsoft Managed Control 1743 - Risk Management Strategy Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
65592b16-4367-42c5-a26e-d371be450e17 Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5bbda922-0172-4095-89e6-5b4a0bf03af7 Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5b61f773-2042-46a8-b489-106d850d6d4e Microsoft Managed Control 1814 - Privacy Awareness And Training Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6b04f815-52d7-4ff6-94bf-a4f22c07d5ae Microsoft Managed Control 1809 - Privacy Impact And Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5afa8cab-1ed7-4e40-884c-64e0ac2059cc Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9834600a-668a-482c-9310-a89861b29e06 Microsoft Managed Control 1805 - Governance And Privacy Program Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a36eb487-cbd1-4fe7-a3df-2efc6aa2c2b6 Microsoft Managed Control 1745 - Risk Management Strategy Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fd00b778-b5b5-49c0-a994-734ea7bd3624 Microsoft Managed Control 1543 - Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f771f8cb-6642-45cc-9a15-8a41cd5c6977 Microsoft Managed Control 1540 - Security Categorization Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f7161f06-5260-4f0f-aeae-4bbfb8612a10 Microsoft Managed Control 1812 - Privacy Monitoring And Auditing Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f3739612-c86c-4b2e-bbe6-0d0869aec19c Microsoft Managed Control 1803 - Governance And Privacy Program Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eab340d0-3d55-4826-a0e5-feebfeb0131d Microsoft Managed Control 1542 - Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6976a08-d969-4df2-bb38-29556c2eb48a Microsoft Managed Control 1549 - Vulnerability Scanning Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd6120c1-d069-416d-9753-fbe84bca4b01 Microsoft Managed Control 1808 - Privacy Impact And Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6c43097-8552-4279-8b38-7dcabff781d3 Microsoft Managed Control 1819 - Accounting of Disclosures Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bf296b8c-f391-4ea4-9198-be3c9d39dd1f Microsoft Managed Control 1590 - External Information System Services | Risk Assessments / Organizational Approvals Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b7897ddc-9716-2460-96f7-7757ad038cc4 Assign risk designations Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b19454ca-0d70-42c0-acf5-ea1c1e5726d1 Microsoft Managed Control 1537 - Risk Assessment Policy And Procedures Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aabb155f-e7a5-4896-a767-e918bfae2ee0 Microsoft Managed Control 1539 - Security Categorization Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d39620a4-95c6-4d4f-8aa4-83c0c6a2c640 Microsoft Managed Control 1818 - Accounting of Disclosures Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Microsoft Managed Control 1547 - Vulnerability Scanning Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
58f477bf-287b-43ef-ab49-dffde92130a0 Microsoft Managed Control 1816 - Privacy Reporting Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10984b4e-c93e-48d7-bf20-9c03b04e9eca Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0afb38a3-5e1c-4339-9ab4-df6a3dfc7da2 Microsoft Managed Control 1804 - Governance And Privacy Program Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
106618ad-fe3e-49b4-bfef-01009f6770d8 Microsoft Managed Control 1820 - Accounting of Disclosures Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55419419-c597-4cd4-b51e-009fd2266783 Microsoft Managed Control 1026 - Account Management | Disable Accounts For High-Risk Individuals Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d7658b2-e827-49c3-a2ae-6d2bd0b45874 Microsoft Managed Control 1538 - Security Categorization Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2ce1ea7e-4038-4e53-82f4-63e8859333c1 Microsoft Managed Control 1546 - Vulnerability Scanning Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5352e3e0-e63a-452e-9e5f-9c1d181cff9c Microsoft Managed Control 1183 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f34f554-da4b-4786-8d66-7915c90893da Microsoft Managed Control 1182 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4d1d4ce2-71ea-4578-bbb4-fe76215d45ac Microsoft Managed Control 1811 - Privacy Requirements for Contractors And Service Providers Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4b0d8d1d-7800-4b62-b4bf-6eecde12b2af Microsoft Managed Control 1813 - Privacy Awareness And Training Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43ced7c9-cd53-456b-b0da-2522649a4271 Microsoft Managed Control 1544 - Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43684572-e4f1-4642-af35-6b933bc506da Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20ea0798-d19e-4925-afd0-53d583815818 Microsoft Managed Control 1815 - Privacy Awareness And Training Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3f4b171a-a56b-4328-8112-32cf7f947ee1 Microsoft Managed Control 1545 - Risk Assessment Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a02bf7a-8fb7-4c97-bd55-4a8592764cc8 Microsoft Managed Control 1840 - Minimization of PII Used in Testing, Training, And Research | Risk Minimization Techniques Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
395736bb-aa8b-45f0-b9cc-06af26b2b1d4 Microsoft Managed Control 1810 - Privacy Requirements for Contractors And Service Providers Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
391ff8b3-afed-405e-9f7d-ef2f8168d5da Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36fbe499-f2f2-41b6-880e-52d7ea1d94a5 Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
31b752c1-05a9-432a-8fce-c39b56550119 Microsoft Managed Control 1698 - Information System Monitoring | Individuals Posing Greater Risk Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3afe6c78-6124-4d95-b85c-eb8c0c9539cb Microsoft Managed Control 1548 - Vulnerability Scanning Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2ad78b-8748-4bff-a924-f74dfca93f30 Microsoft Managed Control 1613 - Developer Security Architecture And Design Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c1fa9c2f-d439-4ab9-8b83-81fb1934f81d Microsoft Managed Control 1503 - Information Security Architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9e7c35d0-12d4-4e0c-80a2-8a352537aefd Microsoft Managed Control 1504 - Information Security Architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a2037b3d-8b04-4171-8610-e6d4f1d08db5 Microsoft Managed Control 1612 - Developer Security Architecture And Design Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57adc919-9dca-817c-8197-64d812070316 Develop an enterprise architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
35a4102f-a778-4a2e-98c2-971056288df8 Microsoft Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution Service Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9870806c-153f-4fa5-aafa-c5f5eeb72292 Microsoft Managed Control 1741 - Enterprise Architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8154e3b3-cc52-40be-9407-7756581d71f6 Microsoft Managed Control 1614 - Developer Security Architecture And Design Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
813a10a7-3943-4fe3-8678-00dc52db5490 Microsoft Managed Control 1505 - Information Security Architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7a114735-a420-057d-a651-9a73cd0416ef Require developers to provide unified security protection approach Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Require developers to describe accurate security functionality Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance op.pl.2 Security Architecture op.pl.2 Security Architecture 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Review development process, standards and tools Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced291b8-1d3d-7e27-40cf-829e9dd523c8 Review and update the information security architecture Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e7422f08-65b4-50e4-3779-d793156e0079 Develop a concept of operations (CONOPS) Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance op.pl.3 Acquisition of new components op.pl.3 Acquisition of new components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
edcc36f1-511b-81e0-7125-abee29752fe7 Manage availability and capacity Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a328fd72-8ff5-4f96-8c9c-b30ed95db4ab Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6182bfa7-0f2a-43f5-834a-a2ddf31c13c7 Microsoft Managed Control 1110 - Audit Storage Capacity Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
562afd61-56be-4313-8fe4-b9564aa4ba7d Microsoft Managed Control 1113 - Response To Audit Processing Failures | Audit Storage Capacity Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance op.pl.4 Sizing and capacity management op.pl.4 Sizing and capacity management 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance op.pl.5 Certified components op.pl.5 Certified components 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eab4450d-9e5c-4f38-0656-2ff8c78c83f3 Document and implement privacy complaint procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba02d0a0-566a-25dc-73f1-101c726a19c5 Implement transaction based recovery Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
12af7c7a-92af-9e96-0d0c-5e732d1a3751 Ensure information system fails in known state Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8b077bff-516f-3983-6c42-c86e9a11868b Designate individuals to fulfill specific roles and responsibilities Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6baae474-434f-2e91-7163-a72df30c4847 Manage security state of information systems Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance org.1 Security policy org.1 Security policy 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e89436d8-6a93-3b62-4444-1d2a42ad56b2 Reevaluate access upon personnel transfer Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c79d378a-2521-822a-0407-57454f8d2c74 Notify upon termination or transfer Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8a9bb2f-7290-3259-85ce-dca7d521302d Initiate transfer or reassignment actions Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
80a97208-264e-79da-0cc7-4fca179a0c9c Protect against and prevent data theft from departing employees Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
496b407d-9b9e-81e8-4ba4-44bc686b016a Conduct exit interview upon termination Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Discover any indicators of compromise Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e4054c0e-1184-09e6-4c5e-701e0bc90f81 Report atypical behavior of user accounts Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
979ed3b6-83f9-26bc-4b86-5b05464700bf Modify access authorizations upon personnel transfer Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1fdf0b24-4043-3c55-357e-036985d50b52 Ensure security safeguards not needed when the individuals return Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
41172402-8d73-64c7-0921-909083c086b0 Not allow for information systems to accompany with individuals Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance org.2 Security regulations org.2 Security regulations 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84a01872-5318-049e-061e-d56734183e84 Distribute information system documentation Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be1c34ab-295a-07a6-785c-36f63c1d223e Obtain user security function documentation Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Document customer-defined actions Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
62fa14f0-4cbe-762d-5469-0899a99b98aa Explicitly notify use of collaborative computing devices Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5269d7e4-3768-501d-7e46-66c56c15622c Manage contacts for authorities and special interest groups Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e9c60c37-65b0-2d72-6c3c-af66036203ae Review and update contingency planning policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
09960521-759e-5d12-086f-4192a72a5e92 Protect administrator and user documentation Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
678ca228-042d-6d8e-a598-c58d5670437d Prohibit remote activation of collaborative computing devices Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3af53f59-979f-24a8-540f-d7cdbc366607 Require users to sign access agreement Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c981fa70-2e58-8141-1457-e7f62ebc2ade Document organizational access agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e21f91d1-2803-0282-5f2d-26ebc4b170ef Update organizational access agreements Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance org.3 Security procedures org.3 Security procedures 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
dc7ec756-221c-33c8-0afe-c48e10e42321 Verify security controls for external information systems Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
096a7055-30cb-2db4-3fda-41b20ac72667 Require interconnection security agreements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bbb2e6d6-085f-5a35-a55d-e45daad38933 Provide secure name and address resolution services Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ced727b3-005e-3c5b-5cd5-230b79d56ee8 Implement a fault tolerant name/address service Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d48a6f19-a284-6fc6-0623-3367a74d3f50 Update interconnection security agreements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Establish terms and conditions for processing resources Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c93dba1-84fd-57de-33c7-ef0400a08134 Establish terms and conditions for accessing resources Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
36b74844-4a99-4c80-1800-b18a516d1585 Control use of portable storage devices Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6f3866e8-6e12-69cf-788c-809d426094a1 Establish electronic signature and certificate requirements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Use dedicated machines for administrative tasks Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8a703eb5-4e53-701b-67e4-05ba2f7930c8 Separate user and information system management functionality Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c72fc0c8-2df8-7506-30be-6ba1971747e1 Automate implementation of approved change notifications Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
ef5a7059-6651-73b1-18b3-75b1b79c1565 Define information security roles and responsibilities Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7d10debd-4775-85a7-1a41-7e128e0e8c50 Automate process to prohibit implementation of unapproved changes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5c33538e-02f8-0a7f-998b-a4c1e22076d3 Govern compliance of cloud service providers Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
575ed5e8-4c29-99d0-0e4d-689fb1d29827 Automate approval request for proposed changes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Prevent split tunneling for remote devices Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eab4450d-9e5c-4f38-0656-2ff8c78c83f3 Document and implement privacy complaint procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
874a6f2e-2098-53bc-3a16-20dcdc425a7e Create configuration plan protection Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2e7a98c9-219f-0d58-38dc-d69038224442 Protect the information security program plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
28aa060e-25c7-6121-05d8-a846f11433df Review and update planning policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2067b904-9552-3259-0cdd-84468e284b7c Review and update system maintenance policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
b320aa42-33b4-53af-87ce-100091d48918 Document third-party personnel security requirements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
afd5d60a-48d2-8073-1ec2-6687e22f2ddd Require notification of third-party personnel transfer or termination Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
a1334a65-2622-28ee-5067-9d7f5b915cc5 Communicate contingency plan changes Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
8b077bff-516f-3983-6c42-c86e9a11868b Designate individuals to fulfill specific roles and responsibilities Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6122970b-8d4a-7811-0278-4c6c68f61e4f Restrict media use Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
836f8406-3b8a-11bb-12cb-6c7fa0765668 Develop configuration item identification plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
6baae474-434f-2e91-7163-a72df30c4847 Manage security state of information systems Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
53fc1282-0ee3-2764-1319-e20143bb0ea5 Review contingency plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
14a4fd0a-9100-1e12-1362-792014a28155 Update contingency plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Identify individuals with security roles and responsibilities Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
04837a26-2601-1982-3da7-bf463e6408f4 Develop configuration management plan Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
00f12b6f-10d7-8117-9577-0f2b76488385 Integrate risk management process into SDLC Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Review and update personnel security policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance org.4 Authorization process org.4 Authorization process 404 not found Spain ENS (175daf90-21e1-4fec-b745-7b4c909aa94c)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage PCI_DSS_V3.2.1 1.3.2 PCI_DSS_v3.2.1_1.3.2 PCI DSS v3.2.1 1.3.2 PCI DSS requirement 1.3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center PCI_DSS_V3.2.1 1.3.2 PCI_DSS_v3.2.1_1.3.2 PCI DSS v3.2.1 1.3.2 PCI DSS requirement 1.3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center PCI_DSS_V3.2.1 1.3.4 PCI_DSS_v3.2.1_1.3.4 PCI DSS v3.2.1 1.3.4 PCI DSS requirement 1.3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage PCI_DSS_V3.2.1 1.3.4 PCI_DSS_v3.2.1_1.3.4 PCI DSS v3.2.1 1.3.4 PCI DSS requirement 1.3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage PCI_DSS_V3.2.1 10.3 PCI_DSS_V3.2.1_10.3 404 not found PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute PCI_DSS_V3.2.1 10.3 PCI_DSS_V3.2.1_10.3 404 not found PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring PCI_DSS_V3.2.1 10.3 PCI_DSS_V3.2.1_10.3 404 not found PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL PCI_DSS_V3.2.1 10.3 PCI_DSS_V3.2.1_10.3 404 not found PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring PCI_DSS_V3.2.1 10.5.4 PCI_DSS_v3.2.1_10.5.4 PCI DSS v3.2.1 10.5.4 PCI DSS requirement 10.5.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute PCI_DSS_V3.2.1 10.5.4 PCI_DSS_v3.2.1_10.5.4 PCI DSS v3.2.1 10.5.4 PCI DSS requirement 10.5.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL PCI_DSS_V3.2.1 10.5.4 PCI_DSS_v3.2.1_10.5.4 PCI DSS v3.2.1 10.5.4 PCI DSS requirement 10.5.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage PCI_DSS_V3.2.1 10.5.4 PCI_DSS_v3.2.1_10.5.4 PCI DSS v3.2.1 10.5.4 PCI DSS requirement 10.5.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_V3.2.1 11.2.1 PCI_DSS_v3.2.1_11.2.1 PCI DSS v3.2.1 11.2.1 PCI DSS requirement 11.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center PCI_DSS_V3.2.1 11.2.1 PCI_DSS_v3.2.1_11.2.1 PCI DSS v3.2.1 11.2.1 PCI DSS requirement 11.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_V3.2.1 11.2.1 PCI_DSS_v3.2.1_11.2.1 PCI DSS v3.2.1 11.2.1 PCI DSS requirement 11.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center PCI_DSS_V3.2.1 11.2.1 PCI_DSS_v3.2.1_11.2.1 PCI DSS v3.2.1 11.2.1 PCI DSS requirement 11.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center PCI_DSS_V3.2.1 11.2.1 PCI_DSS_v3.2.1_11.2.1 PCI DSS v3.2.1 11.2.1 PCI DSS requirement 11.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General PCI_DSS_V3.2.1 3.2 PCI_DSS_v3.2.1_3.2 PCI DSS v3.2.1 3.2 PCI DSS requirement 3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center PCI_DSS_V3.2.1 3.2 PCI_DSS_v3.2.1_3.2 PCI DSS v3.2.1 3.2 PCI DSS requirement 3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center PCI_DSS_V3.2.1 3.2 PCI_DSS_v3.2.1_3.2 PCI DSS v3.2.1 3.2 PCI DSS requirement 3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL PCI_DSS_V3.2.1 3.2 PCI_DSS_v3.2.1_3.2 PCI DSS v3.2.1 3.2 PCI DSS requirement 3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 3.2 PCI_DSS_v3.2.1_3.2 PCI DSS v3.2.1 3.2 PCI DSS requirement 3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 3.2 PCI_DSS_v3.2.1_3.2 PCI DSS v3.2.1 3.2 PCI DSS requirement 3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 3.2 PCI_DSS_v3.2.1_3.2 PCI DSS v3.2.1 3.2 PCI DSS requirement 3.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service PCI_DSS_V3.2.1 3.4 PCI_DSS_v3.2.1_3.4 PCI DSS v3.2.1 3.4 PCI DSS requirement 3.4 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache PCI_DSS_V3.2.1 4.1 PCI_DSS_v3.2.1_4.1 PCI DSS v3.2.1 4.1 PCI DSS requirement 4.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center PCI_DSS_V3.2.1 5.1 PCI_DSS_v3.2.1_5.1 PCI DSS v3.2.1 5.1 PCI DSS requirement 5.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_V3.2.1 5.1 PCI_DSS_v3.2.1_5.1 PCI DSS v3.2.1 5.1 PCI DSS requirement 5.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_V3.2.1 5.1 PCI_DSS_v3.2.1_5.1 PCI DSS v3.2.1 5.1 PCI DSS requirement 5.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center PCI_DSS_V3.2.1 5.1 PCI_DSS_v3.2.1_5.1 PCI DSS v3.2.1 5.1 PCI DSS requirement 5.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center PCI_DSS_V3.2.1 5.1 PCI_DSS_v3.2.1_5.1 PCI DSS v3.2.1 5.1 PCI DSS requirement 5.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center PCI_DSS_V3.2.1 6.2 PCI_DSS_v3.2.1_6.2 PCI DSS v3.2.1 6.2 PCI DSS requirement 6.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center PCI_DSS_V3.2.1 6.2 PCI_DSS_v3.2.1_6.2 PCI DSS v3.2.1 6.2 PCI DSS requirement 6.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center PCI_DSS_V3.2.1 6.2 PCI_DSS_v3.2.1_6.2 PCI DSS v3.2.1 6.2 PCI DSS requirement 6.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_V3.2.1 6.2 PCI_DSS_v3.2.1_6.2 PCI DSS v3.2.1 6.2 PCI DSS requirement 6.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_V3.2.1 6.2 PCI_DSS_v3.2.1_6.2 PCI DSS v3.2.1 6.2 PCI DSS requirement 6.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache PCI_DSS_V3.2.1 6.5.3 PCI_DSS_v3.2.1_6.5.3 PCI DSS v3.2.1 6.5.3 PCI DSS requirement 6.5.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_V3.2.1 6.6 PCI_DSS_v3.2.1_6.6 PCI DSS v3.2.1 6.6 PCI DSS requirement 6.6 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_V3.2.1 6.6 PCI_DSS_v3.2.1_6.6 PCI DSS v3.2.1 6.6 PCI DSS requirement 6.6 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center PCI_DSS_V3.2.1 6.6 PCI_DSS_v3.2.1_6.6 PCI DSS v3.2.1 6.6 PCI DSS requirement 6.6 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center PCI_DSS_V3.2.1 6.6 PCI_DSS_v3.2.1_6.6 PCI DSS v3.2.1 6.6 PCI DSS requirement 6.6 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center PCI_DSS_V3.2.1 6.6 PCI_DSS_v3.2.1_6.6 PCI DSS v3.2.1 6.6 PCI DSS requirement 6.6 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center PCI_DSS_V3.2.1 7.1.1 PCI_DSS_v3.2.1_7.1.1 PCI DSS v3.2.1 7.1.1 PCI DSS requirement 7.1.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center PCI_DSS_V3.2.1 7.1.1 PCI_DSS_v3.2.1_7.1.1 PCI DSS v3.2.1 7.1.1 PCI DSS requirement 7.1.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center PCI_DSS_V3.2.1 7.1.2 PCI_DSS_v3.2.1_7.1.2 PCI DSS v3.2.1 7.1.2 PCI DSS requirement 7.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center PCI_DSS_V3.2.1 7.1.2 PCI_DSS_v3.2.1_7.1.2 PCI DSS v3.2.1 7.1.2 PCI DSS requirement 7.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center PCI_DSS_V3.2.1 7.1.3 PCI_DSS_v3.2.1_7.1.3 PCI DSS v3.2.1 7.1.3 PCI DSS requirement 7.1.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center PCI_DSS_V3.2.1 7.1.3 PCI_DSS_v3.2.1_7.1.3 PCI DSS v3.2.1 7.1.3 PCI DSS requirement 7.1.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 7.2.1 PCI_DSS_v3.2.1_7.2.1 PCI DSS v3.2.1 7.2.1 PCI DSS requirement 7.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 7.2.1 PCI_DSS_v3.2.1_7.2.1 PCI DSS v3.2.1 7.2.1 PCI DSS requirement 7.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center PCI_DSS_V3.2.1 7.2.1 PCI_DSS_v3.2.1_7.2.1 PCI DSS v3.2.1 7.2.1 PCI DSS requirement 7.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center PCI_DSS_V3.2.1 7.2.1 PCI_DSS_v3.2.1_7.2.1 PCI DSS v3.2.1 7.2.1 PCI DSS requirement 7.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General PCI_DSS_V3.2.1 7.2.1 PCI_DSS_v3.2.1_7.2.1 PCI DSS v3.2.1 7.2.1 PCI DSS requirement 7.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL PCI_DSS_V3.2.1 7.2.1 PCI_DSS_v3.2.1_7.2.1 PCI DSS v3.2.1 7.2.1 PCI DSS requirement 7.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 7.2.1 PCI_DSS_v3.2.1_7.2.1 PCI DSS v3.2.1 7.2.1 PCI DSS requirement 7.2.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.2 PCI_DSS_v3.2.1_8.1.2 PCI DSS v3.2.1 8.1.2 PCI DSS requirement 8.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.2 PCI_DSS_v3.2.1_8.1.2 PCI DSS v3.2.1 8.1.2 PCI DSS requirement 8.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.2 PCI_DSS_v3.2.1_8.1.2 PCI DSS v3.2.1 8.1.2 PCI DSS requirement 8.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.2 PCI_DSS_v3.2.1_8.1.2 PCI DSS v3.2.1 8.1.2 PCI DSS requirement 8.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.2 PCI_DSS_v3.2.1_8.1.2 PCI DSS v3.2.1 8.1.2 PCI DSS requirement 8.1.2 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.3 PCI_DSS_v3.2.1_8.1.3 PCI DSS v3.2.1 8.1.3 PCI DSS requirement 8.1.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.3 PCI_DSS_v3.2.1_8.1.3 PCI DSS v3.2.1 8.1.3 PCI DSS requirement 8.1.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.5 PCI_DSS_v3.2.1_8.1.5 PCI DSS v3.2.1 8.1.5 PCI DSS requirement 8.1.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.5 PCI_DSS_v3.2.1_8.1.5 PCI DSS v3.2.1 8.1.5 PCI DSS requirement 8.1.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.5 PCI_DSS_v3.2.1_8.1.5 PCI DSS v3.2.1 8.1.5 PCI DSS requirement 8.1.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.5 PCI_DSS_v3.2.1_8.1.5 PCI DSS v3.2.1 8.1.5 PCI DSS requirement 8.1.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.1.5 PCI_DSS_v3.2.1_8.1.5 PCI DSS v3.2.1 8.1.5 PCI DSS requirement 8.1.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration PCI_DSS_V3.2.1 8.2.3 PCI_DSS_v3.2.1_8.2.3 PCI DSS v3.2.1 8.2.3 PCI DSS requirement 8.2.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration PCI_DSS_V3.2.1 8.2.3 PCI_DSS_v3.2.1_8.2.3 PCI DSS v3.2.1 8.2.3 PCI DSS requirement 8.2.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration PCI_DSS_V3.2.1 8.2.3 PCI_DSS_v3.2.1_8.2.3 PCI DSS v3.2.1 8.2.3 PCI DSS requirement 8.2.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration PCI_DSS_V3.2.1 8.2.3 PCI_DSS_v3.2.1_8.2.3 PCI DSS v3.2.1 8.2.3 PCI DSS requirement 8.2.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration PCI_DSS_V3.2.1 8.2.3 PCI_DSS_v3.2.1_8.2.3 PCI DSS v3.2.1 8.2.3 PCI DSS requirement 8.2.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration PCI_DSS_V3.2.1 8.2.3 PCI_DSS_v3.2.1_8.2.3 PCI DSS v3.2.1 8.2.3 PCI DSS requirement 8.2.3 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration PCI_DSS_V3.2.1 8.2.5 PCI_DSS_v3.2.1_8.2.5 PCI DSS v3.2.1 8.2.5 PCI DSS requirement 8.2.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration PCI_DSS_V3.2.1 8.2.5 PCI_DSS_v3.2.1_8.2.5 PCI DSS v3.2.1 8.2.5 PCI DSS requirement 8.2.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration PCI_DSS_V3.2.1 8.2.5 PCI_DSS_v3.2.1_8.2.5 PCI DSS v3.2.1 8.2.5 PCI DSS requirement 8.2.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration PCI_DSS_V3.2.1 8.2.5 PCI_DSS_v3.2.1_8.2.5 PCI DSS v3.2.1 8.2.5 PCI DSS requirement 8.2.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration PCI_DSS_V3.2.1 8.2.5 PCI_DSS_v3.2.1_8.2.5 PCI DSS v3.2.1 8.2.5 PCI DSS requirement 8.2.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration PCI_DSS_V3.2.1 8.2.5 PCI_DSS_v3.2.1_8.2.5 PCI DSS v3.2.1 8.2.5 PCI DSS requirement 8.2.5 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General PCI_DSS_V3.2.1 8.3.1 PCI_DSS_v3.2.1_8.3.1 PCI DSS v3.2.1 8.3.1 PCI DSS requirement 8.3.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL PCI_DSS_V3.2.1 8.3.1 PCI_DSS_v3.2.1_8.3.1 PCI DSS v3.2.1 8.3.1 PCI DSS requirement 8.3.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.3.1 PCI_DSS_v3.2.1_8.3.1 PCI DSS v3.2.1 8.3.1 PCI DSS requirement 8.3.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center PCI_DSS_V3.2.1 8.3.1 PCI_DSS_v3.2.1_8.3.1 PCI DSS v3.2.1 8.3.1 PCI DSS requirement 8.3.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.3.1 PCI_DSS_v3.2.1_8.3.1 PCI DSS v3.2.1 8.3.1 PCI DSS requirement 8.3.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_V3.2.1 8.3.1 PCI_DSS_v3.2.1_8.3.1 PCI DSS v3.2.1 8.3.1 PCI DSS requirement 8.3.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center PCI_DSS_V3.2.1 8.3.1 PCI_DSS_v3.2.1_8.3.1 PCI DSS v3.2.1 8.3.1 PCI DSS requirement 8.3.1 PCI v3.2.1:2018 (496eeda9-8f2f-4d5e-8dfd-204f0a92ed41)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance PCI_DSS_v4.0 1.1.1 PCI_DSS_v4.0_1.1.1 PCI DSS v4.0 1.1.1 Processes and mechanisms for installing and maintaining network security controls are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance PCI_DSS_v4.0 1.1.1 PCI_DSS_v4.0_1.1.1 PCI DSS v4.0 1.1.1 Processes and mechanisms for installing and maintaining network security controls are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance PCI_DSS_v4.0 1.2.1 PCI_DSS_v4.0_1.2.1 PCI DSS v4.0 1.2.1 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance PCI_DSS_v4.0 1.2.1 PCI_DSS_v4.0_1.2.1 PCI DSS v4.0 1.2.1 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance PCI_DSS_v4.0 1.2.1 PCI_DSS_v4.0_1.2.1 PCI DSS v4.0 1.2.1 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance PCI_DSS_v4.0 1.2.1 PCI_DSS_v4.0_1.2.1 PCI DSS v4.0 1.2.1 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance PCI_DSS_v4.0 1.2.1 PCI_DSS_v4.0_1.2.1 PCI DSS v4.0 1.2.1 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance PCI_DSS_v4.0 1.2.1 PCI_DSS_v4.0_1.2.1 PCI DSS v4.0 1.2.1 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance PCI_DSS_v4.0 1.2.2 PCI_DSS_v4.0_1.2.2 PCI DSS v4.0 1.2.2 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance PCI_DSS_v4.0 1.2.3 PCI_DSS_v4.0_1.2.3 PCI DSS v4.0 1.2.3 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance PCI_DSS_v4.0 1.2.4 PCI_DSS_v4.0_1.2.4 PCI DSS v4.0 1.2.4 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
46ab2c5e-6654-1f58-8c83-e97a44f39308 Identify external service providers Regulatory Compliance PCI_DSS_v4.0 1.2.5 PCI_DSS_v4.0_1.2.5 PCI DSS v4.0 1.2.5 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f6da5cca-5795-60ff-49e1-4972567815fe Require developer to identify SDLC ports, protocols, and services Regulatory Compliance PCI_DSS_v4.0 1.2.5 PCI_DSS_v4.0_1.2.5 PCI DSS v4.0 1.2.5 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 1.2.8 PCI_DSS_v4.0_1.2.8 PCI DSS v4.0 1.2.8 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8cd815bf-97e1-5144-0735-11f6ddb50a59 Enforce and audit access restrictions Regulatory Compliance PCI_DSS_v4.0 1.2.8 PCI_DSS_v4.0_1.2.8 PCI DSS v4.0 1.2.8 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c246d146-82b0-301f-32e7-1065dcd248b7 Review changes for any unauthorized changes Regulatory Compliance PCI_DSS_v4.0 1.2.8 PCI_DSS_v4.0_1.2.8 PCI DSS v4.0 1.2.8 Network security controls (NSCs) are configured and maintained PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage PCI_DSS_v4.0 1.3.2 PCI_DSS_v4.0_1.3.2 PCI DSS v4.0 1.3.2 Network access to and from the cardholder data environment is restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center PCI_DSS_v4.0 1.3.2 PCI_DSS_v4.0_1.3.2 PCI DSS v4.0 1.3.2 Network access to and from the cardholder data environment is restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance PCI_DSS_v4.0 1.3.3 PCI_DSS_v4.0_1.3.3 PCI DSS v4.0 1.3.3 Network access to and from the cardholder data environment is restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance PCI_DSS_v4.0 1.3.3 PCI_DSS_v4.0_1.3.3 PCI DSS v4.0 1.3.3 Network access to and from the cardholder data environment is restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance PCI_DSS_v4.0 1.4.1 PCI_DSS_v4.0_1.4.1 PCI DSS v4.0 1.4.1 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance PCI_DSS_v4.0 1.4.1 PCI_DSS_v4.0_1.4.1 PCI DSS v4.0 1.4.1 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance PCI_DSS_v4.0 1.4.1 PCI_DSS_v4.0_1.4.1 PCI DSS v4.0 1.4.1 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance PCI_DSS_v4.0 1.4.1 PCI_DSS_v4.0_1.4.1 PCI DSS v4.0 1.4.1 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance PCI_DSS_v4.0 1.4.1 PCI_DSS_v4.0_1.4.1 PCI DSS v4.0 1.4.1 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage PCI_DSS_v4.0 1.4.2 PCI_DSS_v4.0_1.4.2 PCI DSS v4.0 1.4.2 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance PCI_DSS_v4.0 1.4.3 PCI_DSS_v4.0_1.4.3 PCI DSS v4.0 1.4.3 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance PCI_DSS_v4.0 1.4.3 PCI_DSS_v4.0_1.4.3 PCI DSS v4.0 1.4.3 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance PCI_DSS_v4.0 1.4.4 PCI_DSS_v4.0_1.4.4 PCI DSS v4.0 1.4.4 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance PCI_DSS_v4.0 1.4.4 PCI_DSS_v4.0_1.4.4 PCI DSS v4.0 1.4.4 Network connections between trusted and untrusted networks are controlled PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance PCI_DSS_v4.0 1.5.1 PCI_DSS_v4.0_1.5.1 PCI DSS v4.0 1.5.1 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance PCI_DSS_v4.0 1.5.1 PCI_DSS_v4.0_1.5.1 PCI DSS v4.0 1.5.1 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance PCI_DSS_v4.0 1.5.1 PCI_DSS_v4.0_1.5.1 PCI DSS v4.0 1.5.1 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance PCI_DSS_v4.0 1.5.1 PCI_DSS_v4.0_1.5.1 PCI DSS v4.0 1.5.1 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance PCI_DSS_v4.0 1.5.1 PCI_DSS_v4.0_1.5.1 PCI DSS v4.0 1.5.1 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance PCI_DSS_v4.0 10.1.1 PCI_DSS_v4.0_10.1.1 PCI DSS v4.0 10.1.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance PCI_DSS_v4.0 10.1.1 PCI_DSS_v4.0_10.1.1 PCI DSS v4.0 10.1.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance PCI_DSS_v4.0 10.1.1 PCI_DSS_v4.0_10.1.1 PCI DSS v4.0 10.1.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a28323fe-276d-3787-32d2-cef6395764c4 Develop audit and accountability policies and procedures Regulatory Compliance PCI_DSS_v4.0 10.1.1 PCI_DSS_v4.0_10.1.1 PCI DSS v4.0 10.1.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1 PCI_DSS_v4.0_10.2.1 PCI DSS v4.0 10.2.1 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance PCI_DSS_v4.0 10.2.1 PCI_DSS_v4.0_10.2.1 PCI DSS v4.0 10.2.1 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance PCI_DSS_v4.0 10.2.1 PCI_DSS_v4.0_10.2.1 PCI DSS v4.0 10.2.1 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance PCI_DSS_v4.0 10.2.1 PCI_DSS_v4.0_10.2.1 PCI DSS v4.0 10.2.1 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1.1 PCI_DSS_v4.0_10.2.1.1 PCI DSS v4.0 10.2.1.1 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance PCI_DSS_v4.0 10.2.1.2 PCI_DSS_v4.0_10.2.1.2 PCI DSS v4.0 10.2.1.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1.3 PCI_DSS_v4.0_10.2.1.3 PCI DSS v4.0 10.2.1.3 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1.4 PCI_DSS_v4.0_10.2.1.4 PCI DSS v4.0 10.2.1.4 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance PCI_DSS_v4.0 10.2.1.5 PCI_DSS_v4.0_10.2.1.5 PCI DSS v4.0 10.2.1.5 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance PCI_DSS_v4.0 10.2.1.6 PCI_DSS_v4.0_10.2.1.6 PCI DSS v4.0 10.2.1.6 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.1.7 PCI_DSS_v4.0_10.2.1.7 PCI DSS v4.0 10.2.1.7 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 10.2.2 PCI_DSS_v4.0_10.2.2 PCI DSS v4.0 10.2.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL PCI_DSS_v4.0 10.2.2 PCI_DSS_v4.0_10.2.2 PCI DSS v4.0 10.2.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring PCI_DSS_v4.0 10.2.2 PCI_DSS_v4.0_10.2.2 PCI DSS v4.0 10.2.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage PCI_DSS_v4.0 10.2.2 PCI_DSS_v4.0_10.2.2 PCI DSS v4.0 10.2.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute PCI_DSS_v4.0 10.2.2 PCI_DSS_v4.0_10.2.2 PCI DSS v4.0 10.2.2 Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance PCI_DSS_v4.0 10.3.1 PCI_DSS_v4.0_10.3.1 PCI DSS v4.0 10.3.1 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance PCI_DSS_v4.0 10.3.1 PCI_DSS_v4.0_10.3.1 PCI DSS v4.0 10.3.1 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance PCI_DSS_v4.0 10.3.2 PCI_DSS_v4.0_10.3.2 PCI DSS v4.0 10.3.2 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance PCI_DSS_v4.0 10.3.2 PCI_DSS_v4.0_10.3.2 PCI DSS v4.0 10.3.2 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage PCI_DSS_v4.0 10.3.3 PCI_DSS_v4.0_10.3.3 PCI DSS v4.0 10.3.3 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute PCI_DSS_v4.0 10.3.3 PCI_DSS_v4.0_10.3.3 PCI DSS v4.0 10.3.3 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance PCI_DSS_v4.0 10.3.3 PCI_DSS_v4.0_10.3.3 PCI DSS v4.0 10.3.3 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring PCI_DSS_v4.0 10.3.3 PCI_DSS_v4.0_10.3.3 PCI DSS v4.0 10.3.3 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL PCI_DSS_v4.0 10.3.3 PCI_DSS_v4.0_10.3.3 PCI DSS v4.0 10.3.3 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance PCI_DSS_v4.0 10.3.4 PCI_DSS_v4.0_10.3.4 PCI DSS v4.0 10.3.4 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance PCI_DSS_v4.0 10.3.4 PCI_DSS_v4.0_10.3.4 PCI DSS v4.0 10.3.4 Audit logs are protected from destruction and unauthorized modifications PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance PCI_DSS_v4.0 10.4.1 PCI_DSS_v4.0_10.4.1 PCI DSS v4.0 10.4.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance PCI_DSS_v4.0 10.4.1.1 PCI_DSS_v4.0_10.4.1.1 PCI DSS v4.0 10.4.1.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance PCI_DSS_v4.0 10.4.2 PCI_DSS_v4.0_10.4.2 PCI DSS v4.0 10.4.2 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance PCI_DSS_v4.0 10.4.2.1 PCI_DSS_v4.0_10.4.2.1 PCI DSS v4.0 10.4.2.1 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance PCI_DSS_v4.0 10.4.3 PCI_DSS_v4.0_10.4.3 PCI DSS v4.0 10.4.3 Audit logs are reviewed to identify anomalies or suspicious activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance PCI_DSS_v4.0 10.5.1 PCI_DSS_v4.0_10.5.1 PCI DSS v4.0 10.5.1 Audit log history is retained and available for analysis PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance PCI_DSS_v4.0 10.5.1 PCI_DSS_v4.0_10.5.1 PCI DSS v4.0 10.5.1 Audit log history is retained and available for analysis PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance PCI_DSS_v4.0 10.5.1 PCI_DSS_v4.0_10.5.1 PCI DSS v4.0 10.5.1 Audit log history is retained and available for analysis PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance PCI_DSS_v4.0 10.6.1 PCI_DSS_v4.0_10.6.1 PCI DSS v4.0 10.6.1 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ee4c7eb-480a-0007-77ff-4ba370776266 Use system clocks for audit records Regulatory Compliance PCI_DSS_v4.0 10.6.2 PCI_DSS_v4.0_10.6.2 PCI DSS v4.0 10.6.2 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8eea8c14-4d93-63a3-0c82-000343ee5204 Conduct a full text analysis of logged privileged commands Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 10.6.3 PCI_DSS_v4.0_10.6.3 PCI DSS v4.0 10.6.3 Time-synchronization mechanisms support consistent time settings across all systems PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance PCI_DSS_v4.0 10.7.1 PCI_DSS_v4.0_10.7.1 PCI DSS v4.0 10.7.1 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance PCI_DSS_v4.0 10.7.1 PCI_DSS_v4.0_10.7.1 PCI DSS v4.0 10.7.1 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance PCI_DSS_v4.0 10.7.1 PCI_DSS_v4.0_10.7.1 PCI DSS v4.0 10.7.1 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance PCI_DSS_v4.0 10.7.1 PCI_DSS_v4.0_10.7.1 PCI DSS v4.0 10.7.1 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance PCI_DSS_v4.0 10.7.1 PCI_DSS_v4.0_10.7.1 PCI DSS v4.0 10.7.1 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance PCI_DSS_v4.0 10.7.2 PCI_DSS_v4.0_10.7.2 PCI DSS v4.0 10.7.2 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance PCI_DSS_v4.0 10.7.2 PCI_DSS_v4.0_10.7.2 PCI DSS v4.0 10.7.2 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance PCI_DSS_v4.0 10.7.2 PCI_DSS_v4.0_10.7.2 PCI DSS v4.0 10.7.2 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance PCI_DSS_v4.0 10.7.2 PCI_DSS_v4.0_10.7.2 PCI DSS v4.0 10.7.2 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance PCI_DSS_v4.0 10.7.2 PCI_DSS_v4.0_10.7.2 PCI DSS v4.0 10.7.2 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance PCI_DSS_v4.0 10.7.3 PCI_DSS_v4.0_10.7.3 PCI DSS v4.0 10.7.3 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance PCI_DSS_v4.0 10.7.3 PCI_DSS_v4.0_10.7.3 PCI DSS v4.0 10.7.3 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance PCI_DSS_v4.0 10.7.3 PCI_DSS_v4.0_10.7.3 PCI DSS v4.0 10.7.3 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance PCI_DSS_v4.0 10.7.3 PCI_DSS_v4.0_10.7.3 PCI DSS v4.0 10.7.3 Failures of critical security control systems are detected, reported, and responded to promptly PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a4493012-908c-5f48-a468-1e243be884ce Review security assessment and authorization policies and procedures Regulatory Compliance PCI_DSS_v4.0 11.1.1 PCI_DSS_v4.0_11.1.1 PCI DSS v4.0 11.1.1 Processes and mechanisms for regularly testing security of systems and networks are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance PCI_DSS_v4.0 11.1.1 PCI_DSS_v4.0_11.1.1 PCI DSS v4.0 11.1.1 Processes and mechanisms for regularly testing security of systems and networks are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance PCI_DSS_v4.0 11.1.1 PCI_DSS_v4.0_11.1.1 PCI DSS v4.0 11.1.1 Processes and mechanisms for regularly testing security of systems and networks are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance PCI_DSS_v4.0 11.2.2 PCI_DSS_v4.0_11.2.2 PCI DSS v4.0 11.2.2 Wireless access points are identified and monitored, and unauthorized wireless access points are addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance PCI_DSS_v4.0 11.2.2 PCI_DSS_v4.0_11.2.2 PCI DSS v4.0 11.2.2 Wireless access points are identified and monitored, and unauthorized wireless access points are addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0 11.3.1 PCI_DSS_v4.0_11.3.1 PCI DSS v4.0 11.3.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center PCI_DSS_v4.0 11.3.1 PCI_DSS_v4.0_11.3.1 PCI DSS v4.0 11.3.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center PCI_DSS_v4.0 11.3.1 PCI_DSS_v4.0_11.3.1 PCI DSS v4.0 11.3.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center PCI_DSS_v4.0 11.3.1 PCI_DSS_v4.0_11.3.1 PCI DSS v4.0 11.3.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_v4.0 11.3.1 PCI_DSS_v4.0_11.3.1 PCI DSS v4.0 11.3.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 11.3.1 PCI_DSS_v4.0_11.3.1 PCI DSS v4.0 11.3.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 11.3.1 PCI_DSS_v4.0_11.3.1 PCI DSS v4.0 11.3.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 11.3.1.1 PCI_DSS_v4.0_11.3.1.1 PCI DSS v4.0 11.3.1.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 11.3.1.1 PCI_DSS_v4.0_11.3.1.1 PCI DSS v4.0 11.3.1.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 11.3.1.3 PCI_DSS_v4.0_11.3.1.3 PCI DSS v4.0 11.3.1.3 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 11.3.1.3 PCI_DSS_v4.0_11.3.1.3 PCI DSS v4.0 11.3.1.3 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 11.3.2 PCI_DSS_v4.0_11.3.2 PCI DSS v4.0 11.3.2 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 11.3.2 PCI_DSS_v4.0_11.3.2 PCI DSS v4.0 11.3.2 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 11.3.2.1 PCI_DSS_v4.0_11.3.2.1 PCI DSS v4.0 11.3.2.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 11.3.2.1 PCI_DSS_v4.0_11.3.2.1 PCI DSS v4.0 11.3.2.1 External and internal vulnerabilities are regularly identified, prioritized, and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance PCI_DSS_v4.0 11.4.1 PCI_DSS_v4.0_11.4.1 PCI DSS v4.0 11.4.1 External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance PCI_DSS_v4.0 11.4.3 PCI_DSS_v4.0_11.4.3 PCI DSS v4.0 11.4.3 External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance PCI_DSS_v4.0 11.5.1 PCI_DSS_v4.0_11.5.1 PCI DSS v4.0 11.5.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance PCI_DSS_v4.0 11.5.1 PCI_DSS_v4.0_11.5.1 PCI DSS v4.0 11.5.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 11.5.1 PCI_DSS_v4.0_11.5.1 PCI DSS v4.0 11.5.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance PCI_DSS_v4.0 11.5.1 PCI_DSS_v4.0_11.5.1 PCI DSS v4.0 11.5.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance PCI_DSS_v4.0 11.5.1.1 PCI_DSS_v4.0_11.5.1.1 PCI DSS v4.0 11.5.1.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance PCI_DSS_v4.0 11.5.1.1 PCI_DSS_v4.0_11.5.1.1 PCI DSS v4.0 11.5.1.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance PCI_DSS_v4.0 11.5.1.1 PCI_DSS_v4.0_11.5.1.1 PCI DSS v4.0 11.5.1.1 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance PCI_DSS_v4.0 11.5.2 PCI_DSS_v4.0_11.5.2 PCI DSS v4.0 11.5.2 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance PCI_DSS_v4.0 11.5.2 PCI_DSS_v4.0_11.5.2 PCI DSS v4.0 11.5.2 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance PCI_DSS_v4.0 11.5.2 PCI_DSS_v4.0_11.5.2 PCI DSS v4.0 11.5.2 Network intrusions and unexpected file changes are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance PCI_DSS_v4.0 11.6.1 PCI_DSS_v4.0_11.6.1 PCI DSS v4.0 11.6.1 Unauthorized changes on payment pages are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance PCI_DSS_v4.0 11.6.1 PCI_DSS_v4.0_11.6.1 PCI DSS v4.0 11.6.1 Unauthorized changes on payment pages are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance PCI_DSS_v4.0 11.6.1 PCI_DSS_v4.0_11.6.1 PCI DSS v4.0 11.6.1 Unauthorized changes on payment pages are detected and responded to PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance PCI_DSS_v4.0 12.1.2 PCI_DSS_v4.0_12.1.2 PCI DSS v4.0 12.1.2 A comprehensive information security policy that governs and provides direction for protection of the entity’s information assets is known and current PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance PCI_DSS_v4.0 12.1.2 PCI_DSS_v4.0_12.1.2 PCI DSS v4.0 12.1.2 A comprehensive information security policy that governs and provides direction for protection of the entity’s information assets is known and current PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance PCI_DSS_v4.0 12.1.4 PCI_DSS_v4.0_12.1.4 PCI DSS v4.0 12.1.4 A comprehensive information security policy that governs and provides direction for protection of the entity’s information assets is known and current PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance PCI_DSS_v4.0 12.10.2 PCI_DSS_v4.0_12.10.2 PCI DSS v4.0 12.10.2 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance PCI_DSS_v4.0 12.10.2 PCI_DSS_v4.0_12.10.2 PCI DSS v4.0 12.10.2 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance PCI_DSS_v4.0 12.10.2 PCI_DSS_v4.0_12.10.2 PCI DSS v4.0 12.10.2 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance PCI_DSS_v4.0 12.10.2 PCI_DSS_v4.0_12.10.2 PCI DSS v4.0 12.10.2 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance PCI_DSS_v4.0 12.10.2 PCI_DSS_v4.0_12.10.2 PCI DSS v4.0 12.10.2 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance PCI_DSS_v4.0 12.10.2 PCI_DSS_v4.0_12.10.2 PCI DSS v4.0 12.10.2 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance PCI_DSS_v4.0 12.10.4 PCI_DSS_v4.0_12.10.4 PCI DSS v4.0 12.10.4 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance PCI_DSS_v4.0 12.10.4.1 PCI_DSS_v4.0_12.10.4.1 PCI DSS v4.0 12.10.4.1 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance PCI_DSS_v4.0 12.10.5 PCI_DSS_v4.0_12.10.5 PCI DSS v4.0 12.10.5 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance PCI_DSS_v4.0 12.10.5 PCI_DSS_v4.0_12.10.5 PCI DSS v4.0 12.10.5 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance PCI_DSS_v4.0 12.10.5 PCI_DSS_v4.0_12.10.5 PCI DSS v4.0 12.10.5 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance PCI_DSS_v4.0 12.10.6 PCI_DSS_v4.0_12.10.6 PCI DSS v4.0 12.10.6 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance PCI_DSS_v4.0 12.10.6 PCI_DSS_v4.0_12.10.6 PCI DSS v4.0 12.10.6 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance PCI_DSS_v4.0 12.10.7 PCI_DSS_v4.0_12.10.7 PCI DSS v4.0 12.10.7 Suspected and confirmed security incidents that could impact the CDE are responded to immediately PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance PCI_DSS_v4.0 12.2.1 PCI_DSS_v4.0_12.2.1 PCI DSS v4.0 12.2.1 Acceptable use policies for end-user technologies are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
725164e5-3b21-1ec2-7e42-14f077862841 Require compliance with intellectual property rights Regulatory Compliance PCI_DSS_v4.0 12.2.1 PCI_DSS_v4.0_12.2.1 PCI DSS v4.0 12.2.1 Acceptable use policies for end-user technologies are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
77cc89bb-774f-48d7-8a84-fb8c322c3000 Track software license usage Regulatory Compliance PCI_DSS_v4.0 12.2.1 PCI_DSS_v4.0_12.2.1 PCI DSS v4.0 12.2.1 Acceptable use policies for end-user technologies are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance PCI_DSS_v4.0 12.2.1 PCI_DSS_v4.0_12.2.1 PCI DSS v4.0 12.2.1 Acceptable use policies for end-user technologies are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance PCI_DSS_v4.0 12.3.1 PCI_DSS_v4.0_12.3.1 PCI DSS v4.0 12.3.1 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance PCI_DSS_v4.0 12.3.1 PCI_DSS_v4.0_12.3.1 PCI DSS v4.0 12.3.1 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance PCI_DSS_v4.0 12.3.1 PCI_DSS_v4.0_12.3.1 PCI DSS v4.0 12.3.1 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance PCI_DSS_v4.0 12.3.1 PCI_DSS_v4.0_12.3.1 PCI DSS v4.0 12.3.1 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance PCI_DSS_v4.0 12.3.2 PCI_DSS_v4.0_12.3.2 PCI DSS v4.0 12.3.2 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance PCI_DSS_v4.0 12.3.2 PCI_DSS_v4.0_12.3.2 PCI DSS v4.0 12.3.2 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance PCI_DSS_v4.0 12.3.2 PCI_DSS_v4.0_12.3.2 PCI DSS v4.0 12.3.2 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance PCI_DSS_v4.0 12.3.2 PCI_DSS_v4.0_12.3.2 PCI DSS v4.0 12.3.2 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 12.3.4 PCI_DSS_v4.0_12.3.4 PCI DSS v4.0 12.3.4 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance PCI_DSS_v4.0 12.3.4 PCI_DSS_v4.0_12.3.4 PCI DSS v4.0 12.3.4 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance PCI_DSS_v4.0 12.3.4 PCI_DSS_v4.0_12.3.4 PCI DSS v4.0 12.3.4 Risks to the cardholder data environment are formally identified, evaluated, and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance PCI_DSS_v4.0 12.4.1 PCI_DSS_v4.0_12.4.1 PCI DSS v4.0 12.4.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance PCI_DSS_v4.0 12.4.1 PCI_DSS_v4.0_12.4.1 PCI DSS v4.0 12.4.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance PCI_DSS_v4.0 12.4.1 PCI_DSS_v4.0_12.4.1 PCI DSS v4.0 12.4.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance PCI_DSS_v4.0 12.4.1 PCI_DSS_v4.0_12.4.1 PCI DSS v4.0 12.4.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4e400494-53a5-5147-6f4d-718b539c7394 Manage compliance activities Regulatory Compliance PCI_DSS_v4.0 12.4.1 PCI_DSS_v4.0_12.4.1 PCI DSS v4.0 12.4.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cc057769-01d9-95ad-a36f-1e62a7f9540b Update POA&M items Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
477bd136-7dd9-55f8-48ac-bae096b86a07 Develop POA&M Regulatory Compliance PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 PCI DSS compliance is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance PCI_DSS_v4.0 12.5.2 PCI_DSS_v4.0_12.5.2 PCI DSS v4.0 12.5.2 PCI DSS scope is documented and validated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance PCI_DSS_v4.0 12.5.2.1 PCI_DSS_v4.0_12.5.2.1 PCI DSS v4.0 12.5.2.1 PCI DSS scope is documented and validated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance PCI_DSS_v4.0 12.5.2.1 PCI_DSS_v4.0_12.5.2.1 PCI DSS v4.0 12.5.2.1 PCI DSS scope is documented and validated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5226dee6-3420-711b-4709-8e675ebd828f Update information security policies Regulatory Compliance PCI_DSS_v4.0 12.5.3 PCI_DSS_v4.0_12.5.3 PCI DSS v4.0 12.5.3 PCI DSS scope is documented and validated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance PCI_DSS_v4.0 12.5.3 PCI_DSS_v4.0_12.5.3 PCI DSS v4.0 12.5.3 PCI DSS scope is documented and validated PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance PCI_DSS_v4.0 12.6.1 PCI_DSS_v4.0_12.6.1 PCI DSS v4.0 12.6.1 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b544f797-a73b-1be3-6d01-6b1a085376bc Establish information security workforce development and improvement program Regulatory Compliance PCI_DSS_v4.0 12.6.1 PCI_DSS_v4.0_12.6.1 PCI DSS v4.0 12.6.1 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance PCI_DSS_v4.0 12.6.2 PCI_DSS_v4.0_12.6.2 PCI DSS v4.0 12.6.2 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance PCI_DSS_v4.0 12.6.3 PCI_DSS_v4.0_12.6.3 PCI DSS v4.0 12.6.3 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
35de8462-03ff-45b3-5746-9d4603c74c56 Implement an insider threat program Regulatory Compliance PCI_DSS_v4.0 12.6.3.1 PCI_DSS_v4.0_12.6.3.1 PCI DSS v4.0 12.6.3.1 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance PCI_DSS_v4.0 12.6.3.1 PCI_DSS_v4.0_12.6.3.1 PCI DSS v4.0 12.6.3.1 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
015b4935-448a-8684-27c0-d13086356c33 Implement a threat awareness program Regulatory Compliance PCI_DSS_v4.0 12.6.3.1 PCI_DSS_v4.0_12.6.3.1 PCI DSS v4.0 12.6.3.1 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance PCI_DSS_v4.0 12.6.3.2 PCI_DSS_v4.0_12.6.3.2 PCI DSS v4.0 12.6.3.2 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance PCI_DSS_v4.0 12.6.3.2 PCI_DSS_v4.0_12.6.3.2 PCI DSS v4.0 12.6.3.2 Security awareness education is an ongoing activity PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance PCI_DSS_v4.0 12.7.1 PCI_DSS_v4.0_12.7.1 PCI DSS v4.0 12.7.1 Personnel are screened to reduce risks from insider threats PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance PCI_DSS_v4.0 12.7.1 PCI_DSS_v4.0_12.7.1 PCI DSS v4.0 12.7.1 Personnel are screened to reduce risks from insider threats PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance PCI_DSS_v4.0 12.7.1 PCI_DSS_v4.0_12.7.1 PCI DSS v4.0 12.7.1 Personnel are screened to reduce risks from insider threats PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance PCI_DSS_v4.0 12.8.1 PCI_DSS_v4.0_12.8.1 PCI DSS v4.0 12.8.1 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance PCI_DSS_v4.0 12.8.3 PCI_DSS_v4.0_12.8.3 PCI DSS v4.0 12.8.3 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance PCI_DSS_v4.0 12.8.3 PCI_DSS_v4.0_12.8.3 PCI DSS v4.0 12.8.3 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance PCI_DSS_v4.0 12.8.3 PCI_DSS_v4.0_12.8.3 PCI DSS v4.0 12.8.3 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance PCI_DSS_v4.0 12.8.3 PCI_DSS_v4.0_12.8.3 PCI DSS v4.0 12.8.3 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance PCI_DSS_v4.0 12.8.3 PCI_DSS_v4.0_12.8.3 PCI DSS v4.0 12.8.3 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ca6d7878-3189-1833-4620-6c7254ed1607 Obtain continuous monitoring plan for security controls Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance PCI_DSS_v4.0 12.8.4 PCI_DSS_v4.0_12.8.4 PCI DSS v4.0 12.8.4 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
44b71aa8-099d-8b97-1557-0e853ec38e0d Obtain functional properties of security controls Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
22a02c9a-49e4-5dc9-0d14-eb35ad717154 Obtain design and implementation information for the security controls Regulatory Compliance PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Risk to information assets associated with third-party service provider (TPSP) relationships is managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance PCI_DSS_v4.0 12.9.1 PCI_DSS_v4.0_12.9.1 PCI DSS v4.0 12.9.1 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance PCI_DSS_v4.0 12.9.1 PCI_DSS_v4.0_12.9.1 PCI DSS v4.0 12.9.1 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance PCI_DSS_v4.0 12.9.1 PCI_DSS_v4.0_12.9.1 PCI DSS v4.0 12.9.1 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance PCI_DSS_v4.0 12.9.2 PCI_DSS_v4.0_12.9.2 PCI DSS v4.0 12.9.2 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance PCI_DSS_v4.0 12.9.2 PCI_DSS_v4.0_12.9.2 PCI DSS v4.0 12.9.2 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance PCI_DSS_v4.0 12.9.2 PCI_DSS_v4.0_12.9.2 PCI DSS v4.0 12.9.2 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance PCI_DSS_v4.0 2.1.1 PCI_DSS_v4.0_2.1.1 PCI DSS v4.0 2.1.1 Processes and mechanisms for applying secure configurations to all system components are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance PCI_DSS_v4.0 2.2.1 PCI_DSS_v4.0_2.2.1 PCI DSS v4.0 2.2.1 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance PCI_DSS_v4.0 2.2.1 PCI_DSS_v4.0_2.2.1 PCI DSS v4.0 2.2.1 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance PCI_DSS_v4.0 2.2.1 PCI_DSS_v4.0_2.2.1 PCI DSS v4.0 2.2.1 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance PCI_DSS_v4.0 2.2.1 PCI_DSS_v4.0_2.2.1 PCI DSS v4.0 2.2.1 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance PCI_DSS_v4.0 2.2.1 PCI_DSS_v4.0_2.2.1 PCI DSS v4.0 2.2.1 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance PCI_DSS_v4.0 2.2.1 PCI_DSS_v4.0_2.2.1 PCI DSS v4.0 2.2.1 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4aacaec9-0628-272c-3e83-0d68446694e0 Manage Authenticators Regulatory Compliance PCI_DSS_v4.0 2.2.2 PCI_DSS_v4.0_2.2.2 PCI DSS v4.0 2.2.2 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 2.2.5 PCI_DSS_v4.0_2.2.5 PCI DSS v4.0 2.2.5 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance PCI_DSS_v4.0 2.2.5 PCI_DSS_v4.0_2.2.5 PCI DSS v4.0 2.2.5 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Implement cryptographic mechanisms Regulatory Compliance PCI_DSS_v4.0 2.2.7 PCI_DSS_v4.0_2.2.7 PCI DSS v4.0 2.2.7 System components are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 2.3.1 PCI_DSS_v4.0_2.3.1 PCI DSS v4.0 2.3.1 Wireless environments are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance PCI_DSS_v4.0 2.3.1 PCI_DSS_v4.0_2.3.1 PCI DSS v4.0 2.3.1 Wireless environments are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance PCI_DSS_v4.0 2.3.1 PCI_DSS_v4.0_2.3.1 PCI DSS v4.0 2.3.1 Wireless environments are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 2.3.2 PCI_DSS_v4.0_2.3.2 PCI DSS v4.0 2.3.2 Wireless environments are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance PCI_DSS_v4.0 2.3.2 PCI_DSS_v4.0_2.3.2 PCI DSS v4.0 2.3.2 Wireless environments are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance PCI_DSS_v4.0 2.3.2 PCI_DSS_v4.0_2.3.2 PCI DSS v4.0 2.3.2 Wireless environments are configured and managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance PCI_DSS_v4.0 3.1.1 PCI_DSS_v4.0_3.1.1 PCI DSS v4.0 3.1.1 Processes and mechanisms for protecting stored account data are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
96333008-988d-4add-549b-92b3a8c42063 Update privacy plan, policies, and procedures Regulatory Compliance PCI_DSS_v4.0 3.1.1 PCI_DSS_v4.0_3.1.1 PCI DSS v4.0 3.1.1 Processes and mechanisms for protecting stored account data are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance PCI_DSS_v4.0 3.1.1 PCI_DSS_v4.0_3.1.1 PCI DSS v4.0 3.1.1 Processes and mechanisms for protecting stored account data are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance PCI_DSS_v4.0 3.2.1 PCI_DSS_v4.0_3.2.1 PCI DSS v4.0 3.2.1 Storage of account data is kept to a minimum PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.3.1 PCI_DSS_v4.0_3.3.1 PCI DSS v4.0 3.3.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance PCI_DSS_v4.0 3.3.1.1 PCI_DSS_v4.0_3.3.1.1 PCI DSS v4.0 3.3.1.1 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.3.1.2 PCI_DSS_v4.0_3.3.1.2 PCI DSS v4.0 3.3.1.2 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.3.1.2 PCI_DSS_v4.0_3.3.1.2 PCI DSS v4.0 3.3.1.2 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.3.1.2 PCI_DSS_v4.0_3.3.1.2 PCI DSS v4.0 3.3.1.2 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance PCI_DSS_v4.0 3.3.1.2 PCI_DSS_v4.0_3.3.1.2 PCI DSS v4.0 3.3.1.2 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance PCI_DSS_v4.0 3.3.1.2 PCI_DSS_v4.0_3.3.1.2 PCI DSS v4.0 3.3.1.2 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance PCI_DSS_v4.0 3.3.1.3 PCI_DSS_v4.0_3.3.1.3 PCI DSS v4.0 3.3.1.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance PCI_DSS_v4.0 3.3.2 PCI_DSS_v4.0_3.3.2 PCI DSS v4.0 3.3.2 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance PCI_DSS_v4.0 3.3.3 PCI_DSS_v4.0_3.3.3 PCI DSS v4.0 3.3.3 Sensitive authentication data (SAD) is not stored after authorization PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.4.1 PCI_DSS_v4.0_3.4.1 PCI DSS v4.0 3.4.1 Access to displays of full PAN and ability to copy cardholder data are restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.4.1 PCI_DSS_v4.0_3.4.1 PCI DSS v4.0 3.4.1 Access to displays of full PAN and ability to copy cardholder data are restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.4.1 PCI_DSS_v4.0_3.4.1 PCI DSS v4.0 3.4.1 Access to displays of full PAN and ability to copy cardholder data are restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance PCI_DSS_v4.0 3.4.2 PCI_DSS_v4.0_3.4.2 PCI DSS v4.0 3.4.2 Access to displays of full PAN and ability to copy cardholder data are restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance PCI_DSS_v4.0 3.4.2 PCI_DSS_v4.0_3.4.2 PCI DSS v4.0 3.4.2 Access to displays of full PAN and ability to copy cardholder data are restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance PCI_DSS_v4.0 3.4.2 PCI_DSS_v4.0_3.4.2 PCI DSS v4.0 3.4.2 Access to displays of full PAN and ability to copy cardholder data are restricted PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance PCI_DSS_v4.0 3.5.1 PCI_DSS_v4.0_3.5.1 PCI DSS v4.0 3.5.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance PCI_DSS_v4.0 3.5.1.1 PCI_DSS_v4.0_3.5.1.1 PCI DSS v4.0 3.5.1.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 3.5.1.1 PCI_DSS_v4.0_3.5.1.1 PCI DSS v4.0 3.5.1.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance PCI_DSS_v4.0 3.5.1.1 PCI_DSS_v4.0_3.5.1.1 PCI DSS v4.0 3.5.1.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance PCI_DSS_v4.0 3.5.1.1 PCI_DSS_v4.0_3.5.1.1 PCI DSS v4.0 3.5.1.1 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance PCI_DSS_v4.0 3.5.1.2 PCI_DSS_v4.0_3.5.1.2 PCI DSS v4.0 3.5.1.2 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance PCI_DSS_v4.0 3.5.1.2 PCI_DSS_v4.0_3.5.1.2 PCI DSS v4.0 3.5.1.2 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 3.5.1.2 PCI_DSS_v4.0_3.5.1.2 PCI DSS v4.0 3.5.1.2 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance PCI_DSS_v4.0 3.5.1.2 PCI_DSS_v4.0_3.5.1.2 PCI DSS v4.0 3.5.1.2 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance PCI_DSS_v4.0 3.5.1.3 PCI_DSS_v4.0_3.5.1.3 PCI DSS v4.0 3.5.1.3 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance PCI_DSS_v4.0 3.5.1.3 PCI_DSS_v4.0_3.5.1.3 PCI DSS v4.0 3.5.1.3 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 3.5.1.3 PCI_DSS_v4.0_3.5.1.3 PCI DSS v4.0 3.5.1.3 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance PCI_DSS_v4.0 3.5.1.3 PCI_DSS_v4.0_3.5.1.3 PCI DSS v4.0 3.5.1.3 Primary account number (PAN) is secured wherever it is stored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.6.1 PCI_DSS_v4.0_3.6.1 PCI DSS v4.0 3.6.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.6.1.1 PCI_DSS_v4.0_3.6.1.1 PCI DSS v4.0 3.6.1.1 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.2 PCI_DSS_v4.0_3.6.1.2 PCI DSS v4.0 3.6.1.2 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.3 PCI_DSS_v4.0_3.6.1.3 PCI DSS v4.0 3.6.1.3 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.6.1.4 PCI_DSS_v4.0_3.6.1.4 PCI DSS v4.0 3.6.1.4 Cryptographic keys used to protect stored account data are secured PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.1 PCI_DSS_v4.0_3.7.1 PCI DSS v4.0 3.7.1 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.2 PCI_DSS_v4.0_3.7.2 PCI DSS v4.0 3.7.2 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.3 PCI_DSS_v4.0_3.7.3 PCI DSS v4.0 3.7.3 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.4 PCI_DSS_v4.0_3.7.4 PCI DSS v4.0 3.7.4 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.5 PCI_DSS_v4.0_3.7.5 PCI DSS v4.0 3.7.5 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.6 PCI_DSS_v4.0_3.7.6 PCI DSS v4.0 3.7.6 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.7 PCI_DSS_v4.0_3.7.7 PCI DSS v4.0 3.7.7 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.8 PCI_DSS_v4.0_3.7.8 PCI DSS v4.0 3.7.8 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 3.7.9 PCI_DSS_v4.0_3.7.9 PCI DSS v4.0 3.7.9 Where cryptography is used to protect stored account data, key management processes and procedures covering all aspects of the key lifecycle are defined and implemented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
adf517f3-6dcd-3546-9928-34777d0c277e Review and update system and communications protection policies and procedures Regulatory Compliance PCI_DSS_v4.0 4.1.1 PCI_DSS_v4.0_4.1.1 PCI DSS v4.0 4.1.1 Processes and mechanisms for protecting cardholder data with strong cryptography during transmission over open, public networks are defined and documented PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 4.2.1 PCI_DSS_v4.0_4.2.1 PCI DSS v4.0 4.2.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance PCI_DSS_v4.0 4.2.1.1 PCI_DSS_v4.0_4.2.1.1 PCI DSS v4.0 4.2.1.1 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance PCI_DSS_v4.0 4.2.1.2 PCI_DSS_v4.0_4.2.1.2 PCI DSS v4.0 4.2.1.2 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance PCI_DSS_v4.0 4.2.1.2 PCI_DSS_v4.0_4.2.1.2 PCI DSS v4.0 4.2.1.2 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 4.2.1.2 PCI_DSS_v4.0_4.2.1.2 PCI DSS v4.0 4.2.1.2 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance PCI_DSS_v4.0 4.2.2 PCI_DSS_v4.0_4.2.2 PCI DSS v4.0 4.2.2 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance PCI_DSS_v4.0 4.2.2 PCI_DSS_v4.0_4.2.2 PCI DSS v4.0 4.2.2 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance PCI_DSS_v4.0 4.2.2 PCI_DSS_v4.0_4.2.2 PCI DSS v4.0 4.2.2 PAN is protected with strong cryptography during transmission PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6bededc0-2985-54d5-4158-eb8bad8070a0 Review and update information integrity policies and procedures Regulatory Compliance PCI_DSS_v4.0 5.1.1 PCI_DSS_v4.0_5.1.1 PCI DSS v4.0 5.1.1 Processes and mechanisms for protecting all systems and networks from malicious software are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 5.2.1 PCI_DSS_v4.0_5.2.1 PCI DSS v4.0 5.2.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center PCI_DSS_v4.0 5.2.2 PCI_DSS_v4.0_5.2.2 PCI DSS v4.0 5.2.2 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance PCI_DSS_v4.0 5.2.3 PCI_DSS_v4.0_5.2.3 PCI DSS v4.0 5.2.3 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance PCI_DSS_v4.0 5.2.3.1 PCI_DSS_v4.0_5.2.3.1 PCI DSS v4.0 5.2.3.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance PCI_DSS_v4.0 5.2.3.1 PCI_DSS_v4.0_5.2.3.1 PCI DSS v4.0 5.2.3.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance PCI_DSS_v4.0 5.2.3.1 PCI_DSS_v4.0_5.2.3.1 PCI DSS v4.0 5.2.3.1 Malicious software (malware) is prevented, or detected and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance PCI_DSS_v4.0 5.3.1 PCI_DSS_v4.0_5.3.1 PCI DSS v4.0 5.3.1 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance PCI_DSS_v4.0 5.3.1 PCI_DSS_v4.0_5.3.1 PCI DSS v4.0 5.3.1 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 5.3.1 PCI_DSS_v4.0_5.3.1 PCI DSS v4.0 5.3.1 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 5.3.1 PCI_DSS_v4.0_5.3.1 PCI DSS v4.0 5.3.1 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance PCI_DSS_v4.0 5.3.1 PCI_DSS_v4.0_5.3.1 PCI DSS v4.0 5.3.1 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance PCI_DSS_v4.0 5.3.1 PCI_DSS_v4.0_5.3.1 PCI DSS v4.0 5.3.1 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 5.3.3 PCI_DSS_v4.0_5.3.3 PCI DSS v4.0 5.3.3 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance PCI_DSS_v4.0 5.3.4 PCI_DSS_v4.0_5.3.4 PCI DSS v4.0 5.3.4 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance PCI_DSS_v4.0 5.3.4 PCI_DSS_v4.0_5.3.4 PCI DSS v4.0 5.3.4 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance PCI_DSS_v4.0 5.3.4 PCI_DSS_v4.0_5.3.4 PCI DSS v4.0 5.3.4 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance PCI_DSS_v4.0 5.3.4 PCI_DSS_v4.0_5.3.4 PCI DSS v4.0 5.3.4 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance PCI_DSS_v4.0 5.3.5 PCI_DSS_v4.0_5.3.5 PCI DSS v4.0 5.3.5 Anti-malware mechanisms and processes are active, maintained, and monitored PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance PCI_DSS_v4.0 5.4.1 PCI_DSS_v4.0_5.4.1 PCI DSS v4.0 5.4.1 Anti-phishing mechanisms protect users against phishing attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Review and update configuration management policies and procedures Regulatory Compliance PCI_DSS_v4.0 6.1.1 PCI_DSS_v4.0_6.1.1 PCI DSS v4.0 6.1.1 Processes and mechanisms for developing and maintaining secure systems and software are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f49925aa-9b11-76ae-10e2-6e973cc60f37 Review and update system and services acquisition policies and procedures Regulatory Compliance PCI_DSS_v4.0 6.1.1 PCI_DSS_v4.0_6.1.1 PCI DSS v4.0 6.1.1 Processes and mechanisms for developing and maintaining secure systems and software are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance PCI_DSS_v4.0 6.2.2 PCI_DSS_v4.0_6.2.2 PCI DSS v4.0 6.2.2 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance PCI_DSS_v4.0 6.2.2 PCI_DSS_v4.0_6.2.2 PCI DSS v4.0 6.2.2 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance PCI_DSS_v4.0 6.2.3.1 PCI_DSS_v4.0_6.2.3.1 PCI DSS v4.0 6.2.3.1 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric PCI_DSS_v4.0 6.2.4 PCI_DSS_v4.0_6.2.4 PCI DSS v4.0 6.2.4 Bespoke and custom software are developed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 6.3.1 PCI_DSS_v4.0_6.3.1 PCI DSS v4.0 6.3.1 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b0e3035d-6366-2e37-796e-8bcab9c649e6 Establish a threat intelligence program Regulatory Compliance PCI_DSS_v4.0 6.3.1 PCI_DSS_v4.0_6.3.1 PCI DSS v4.0 6.3.1 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance PCI_DSS_v4.0 6.3.1 PCI_DSS_v4.0_6.3.1 PCI DSS v4.0 6.3.1 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
26d178a4-9261-6f04-a100-47ed85314c6e Implement security directives Regulatory Compliance PCI_DSS_v4.0 6.3.1 PCI_DSS_v4.0_6.3.1 PCI DSS v4.0 6.3.1 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3f1216b0-30ee-1ac9-3899-63eb744e85f5 Obtain Admin documentation Regulatory Compliance PCI_DSS_v4.0 6.3.2 PCI_DSS_v4.0_6.3.2 PCI DSS v4.0 6.3.2 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0 6.3.3 PCI_DSS_v4.0_6.3.3 PCI DSS v4.0 6.3.3 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center PCI_DSS_v4.0 6.3.3 PCI_DSS_v4.0_6.3.3 PCI DSS v4.0 6.3.3 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center PCI_DSS_v4.0 6.3.3 PCI_DSS_v4.0_6.3.3 PCI DSS v4.0 6.3.3 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center PCI_DSS_v4.0 6.3.3 PCI_DSS_v4.0_6.3.3 PCI DSS v4.0 6.3.3 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_v4.0 6.3.3 PCI_DSS_v4.0_6.3.3 PCI DSS v4.0 6.3.3 Security vulnerabilities are identified and addressed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center PCI_DSS_v4.0 6.4.1 PCI_DSS_v4.0_6.4.1 PCI DSS v4.0 6.4.1 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center PCI_DSS_v4.0 6.4.1 PCI_DSS_v4.0_6.4.1 PCI DSS v4.0 6.4.1 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance PCI_DSS_v4.0 6.4.1 PCI_DSS_v4.0_6.4.1 PCI DSS v4.0 6.4.1 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance PCI_DSS_v4.0 6.4.1 PCI_DSS_v4.0_6.4.1 PCI DSS v4.0 6.4.1 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center PCI_DSS_v4.0 6.4.1 PCI_DSS_v4.0_6.4.1 PCI DSS v4.0 6.4.1 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center PCI_DSS_v4.0 6.4.1 PCI_DSS_v4.0_6.4.1 PCI DSS v4.0 6.4.1 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center PCI_DSS_v4.0 6.4.1 PCI_DSS_v4.0_6.4.1 PCI DSS v4.0 6.4.1 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance PCI_DSS_v4.0 6.4.3 PCI_DSS_v4.0_6.4.3 PCI DSS v4.0 6.4.3 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance PCI_DSS_v4.0 6.4.3 PCI_DSS_v4.0_6.4.3 PCI DSS v4.0 6.4.3 Public-facing web applications are protected against attacks PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance PCI_DSS_v4.0 6.5.1 PCI_DSS_v4.0_6.5.1 PCI DSS v4.0 6.5.1 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance PCI_DSS_v4.0 6.5.2 PCI_DSS_v4.0_6.5.2 PCI DSS v4.0 6.5.2 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 6.5.3 PCI_DSS_v4.0_6.5.3 PCI DSS v4.0 6.5.3 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance PCI_DSS_v4.0 6.5.3 PCI_DSS_v4.0_6.5.3 PCI DSS v4.0 6.5.3 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance PCI_DSS_v4.0 6.5.3 PCI_DSS_v4.0_6.5.3 PCI DSS v4.0 6.5.3 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance PCI_DSS_v4.0 6.5.3 PCI_DSS_v4.0_6.5.3 PCI DSS v4.0 6.5.3 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance PCI_DSS_v4.0 6.5.3 PCI_DSS_v4.0_6.5.3 PCI DSS v4.0 6.5.3 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance PCI_DSS_v4.0 6.5.3 PCI_DSS_v4.0_6.5.3 PCI DSS v4.0 6.5.3 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 6.5.4 PCI_DSS_v4.0_6.5.4 PCI DSS v4.0 6.5.4 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance PCI_DSS_v4.0 6.5.4 PCI_DSS_v4.0_6.5.4 PCI DSS v4.0 6.5.4 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2af551d5-1775-326a-0589-590bfb7e9eb2 Limit privileges to make changes in production environment Regulatory Compliance PCI_DSS_v4.0 6.5.4 PCI_DSS_v4.0_6.5.4 PCI DSS v4.0 6.5.4 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance PCI_DSS_v4.0 6.5.4 PCI_DSS_v4.0_6.5.4 PCI DSS v4.0 6.5.4 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance PCI_DSS_v4.0 6.5.4 PCI_DSS_v4.0_6.5.4 PCI DSS v4.0 6.5.4 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance PCI_DSS_v4.0 6.5.4 PCI_DSS_v4.0_6.5.4 PCI DSS v4.0 6.5.4 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
834b7a4a-83ab-2188-1a26-9c5033d8173b Incorporate security and data privacy practices in research processing Regulatory Compliance PCI_DSS_v4.0 6.5.5 PCI_DSS_v4.0_6.5.5 PCI DSS v4.0 6.5.5 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance PCI_DSS_v4.0 6.5.6 PCI_DSS_v4.0_6.5.6 PCI DSS v4.0 6.5.6 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance PCI_DSS_v4.0 6.5.6 PCI_DSS_v4.0_6.5.6 PCI DSS v4.0 6.5.6 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance PCI_DSS_v4.0 6.5.6 PCI_DSS_v4.0_6.5.6 PCI DSS v4.0 6.5.6 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance PCI_DSS_v4.0 6.5.6 PCI_DSS_v4.0_6.5.6 PCI DSS v4.0 6.5.6 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance PCI_DSS_v4.0 6.5.6 PCI_DSS_v4.0_6.5.6 PCI DSS v4.0 6.5.6 Changes to all system components are managed securely PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance PCI_DSS_v4.0 7.1.1 PCI_DSS_v4.0_7.1.1 PCI DSS v4.0 7.1.1 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance PCI_DSS_v4.0 7.1.1 PCI_DSS_v4.0_7.1.1 PCI DSS v4.0 7.1.1 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
03d550b4-34ee-03f4-515f-f2e2faf7a413 Review access control policies and procedures Regulatory Compliance PCI_DSS_v4.0 7.1.1 PCI_DSS_v4.0_7.1.1 PCI DSS v4.0 7.1.1 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.1.1 PCI_DSS_v4.0_7.1.1 PCI DSS v4.0 7.1.1 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
59f7feff-02aa-6539-2cf7-bea75b762140 Develop access control policies and procedures Regulatory Compliance PCI_DSS_v4.0 7.1.2 PCI_DSS_v4.0_7.1.2 PCI DSS v4.0 7.1.2 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.1.2 PCI_DSS_v4.0_7.1.2 PCI DSS v4.0 7.1.2 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1a2a03a4-9992-5788-5953-d8f6615306de Govern policies and procedures Regulatory Compliance PCI_DSS_v4.0 7.1.2 PCI_DSS_v4.0_7.1.2 PCI DSS v4.0 7.1.2 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.2.1 PCI_DSS_v4.0_7.2.1 PCI DSS v4.0 7.2.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.2.2 PCI_DSS_v4.0_7.2.2 PCI DSS v4.0 7.2.2 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.2.3 PCI_DSS_v4.0_7.2.3 PCI DSS v4.0 7.2.3 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance PCI_DSS_v4.0 7.2.4 PCI_DSS_v4.0_7.2.4 PCI DSS v4.0 7.2.4 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance PCI_DSS_v4.0 7.2.4 PCI_DSS_v4.0_7.2.4 PCI DSS v4.0 7.2.4 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance PCI_DSS_v4.0 7.2.4 PCI_DSS_v4.0_7.2.4 PCI DSS v4.0 7.2.4 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance PCI_DSS_v4.0 7.2.4 PCI_DSS_v4.0_7.2.4 PCI DSS v4.0 7.2.4 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance PCI_DSS_v4.0 7.2.5 PCI_DSS_v4.0_7.2.5 PCI DSS v4.0 7.2.5 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance PCI_DSS_v4.0 7.2.5.1 PCI_DSS_v4.0_7.2.5.1 PCI DSS v4.0 7.2.5.1 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance PCI_DSS_v4.0 7.2.6 PCI_DSS_v4.0_7.2.6 PCI DSS v4.0 7.2.6 Access to system components and data is appropriately defined and assigned PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 7.3.1 PCI_DSS_v4.0_7.3.1 PCI DSS v4.0 7.3.1 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 7.3.2 PCI_DSS_v4.0_7.3.2 PCI DSS v4.0 7.3.2 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 7.3.3 PCI_DSS_v4.0_7.3.3 PCI DSS v4.0 7.3.3 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance PCI_DSS_v4.0 7.3.3 PCI_DSS_v4.0_7.3.3 PCI DSS v4.0 7.3.3 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance PCI_DSS_v4.0 7.3.3 PCI_DSS_v4.0_7.3.3 PCI DSS v4.0 7.3.3 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance PCI_DSS_v4.0 7.3.3 PCI_DSS_v4.0_7.3.3 PCI DSS v4.0 7.3.3 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance PCI_DSS_v4.0 7.3.3 PCI_DSS_v4.0_7.3.3 PCI DSS v4.0 7.3.3 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance PCI_DSS_v4.0 7.3.3 PCI_DSS_v4.0_7.3.3 PCI DSS v4.0 7.3.3 Access to system components and data is managed via an access control system(s) PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
29acfac0-4bb4-121b-8283-8943198b1549 Review and update identification and authentication policies and procedures Regulatory Compliance PCI_DSS_v4.0 8.1.1 PCI_DSS_v4.0_8.1.1 PCI DSS v4.0 8.1.1 Processes and mechanisms for identifying users and authenticating access to system components are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance PCI_DSS_v4.0 8.2.1 PCI_DSS_v4.0_8.2.1 PCI DSS v4.0 8.2.1 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance PCI_DSS_v4.0 8.2.1 PCI_DSS_v4.0_8.2.1 PCI DSS v4.0 8.2.1 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance PCI_DSS_v4.0 8.2.1 PCI_DSS_v4.0_8.2.1 PCI DSS v4.0 8.2.1 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Terminate customer controlled account credentials Regulatory Compliance PCI_DSS_v4.0 8.2.2 PCI_DSS_v4.0_8.2.2 PCI DSS v4.0 8.2.2 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2f204e72-1896-3bf8-75c9-9128b8683a36 Reissue authenticators for changed groups and accounts Regulatory Compliance PCI_DSS_v4.0 8.2.2 PCI_DSS_v4.0_8.2.2 PCI DSS v4.0 8.2.2 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance PCI_DSS_v4.0 8.2.2 PCI_DSS_v4.0_8.2.2 PCI DSS v4.0 8.2.2 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
08ad71d0-52be-6503-4908-e015460a16ae Require use of individual authenticators Regulatory Compliance PCI_DSS_v4.0 8.2.2 PCI_DSS_v4.0_8.2.2 PCI DSS v4.0 8.2.2 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 8.2.3 PCI_DSS_v4.0_8.2.3 PCI DSS v4.0 8.2.3 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.2.3 PCI_DSS_v4.0_8.2.3 PCI DSS v4.0 8.2.3 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance PCI_DSS_v4.0 8.2.3 PCI_DSS_v4.0_8.2.3 PCI DSS v4.0 8.2.3 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
f29b17a4-0df2-8a50-058a-8570f9979d28 Assign system identifiers Regulatory Compliance PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.4 PCI_DSS_v4.0_8.2.4 PCI DSS v4.0 8.2.4 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.5 PCI_DSS_v4.0_8.2.5 PCI DSS v4.0 8.2.5 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.5 PCI_DSS_v4.0_8.2.5 PCI DSS v4.0 8.2.5 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance PCI_DSS_v4.0 8.2.6 PCI_DSS_v4.0_8.2.6 PCI DSS v4.0 8.2.6 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance PCI_DSS_v4.0 8.2.6 PCI_DSS_v4.0_8.2.6 PCI DSS v4.0 8.2.6 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.7 PCI_DSS_v4.0_8.2.7 PCI DSS v4.0 8.2.7 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e1379836-3492-6395-451d-2f5062e14136 Identify and authenticate non-organizational users Regulatory Compliance PCI_DSS_v4.0 8.2.7 PCI_DSS_v4.0_8.2.7 PCI DSS v4.0 8.2.7 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.7 PCI_DSS_v4.0_8.2.7 PCI DSS v4.0 8.2.7 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.7 PCI_DSS_v4.0_8.2.7 PCI DSS v4.0 8.2.7 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.7 PCI_DSS_v4.0_8.2.7 PCI DSS v4.0 8.2.7 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.2.7 PCI_DSS_v4.0_8.2.7 PCI DSS v4.0 8.2.7 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance PCI_DSS_v4.0 8.2.8 PCI_DSS_v4.0_8.2.8 PCI DSS v4.0 8.2.8 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2af4640d-11a6-a64b-5ceb-a468f4341c0c Define and enforce inactivity log policy Regulatory Compliance PCI_DSS_v4.0 8.2.8 PCI_DSS_v4.0_8.2.8 PCI DSS v4.0 8.2.8 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance PCI_DSS_v4.0 8.3.1 PCI_DSS_v4.0_8.3.1 PCI DSS v4.0 8.3.1 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 8.3.1 PCI_DSS_v4.0_8.3.1 PCI DSS v4.0 8.3.1 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance PCI_DSS_v4.0 8.3.1 PCI_DSS_v4.0_8.3.1 PCI DSS v4.0 8.3.1 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.3.1 PCI_DSS_v4.0_8.3.1 PCI DSS v4.0 8.3.1 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance PCI_DSS_v4.0 8.3.10 PCI_DSS_v4.0_8.3.10 PCI DSS v4.0 8.3.10 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.10 PCI_DSS_v4.0_8.3.10 PCI DSS v4.0 8.3.10 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance PCI_DSS_v4.0 8.3.10.1 PCI_DSS_v4.0_8.3.10.1 PCI DSS v4.0 8.3.10.1 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.10.1 PCI_DSS_v4.0_8.3.10.1 PCI DSS v4.0 8.3.10.1 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 8.3.11 PCI_DSS_v4.0_8.3.11 PCI DSS v4.0 8.3.11 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.11 PCI_DSS_v4.0_8.3.11 PCI DSS v4.0 8.3.11 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance PCI_DSS_v4.0 8.3.11 PCI_DSS_v4.0_8.3.11 PCI DSS v4.0 8.3.11 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.3.11 PCI_DSS_v4.0_8.3.11 PCI DSS v4.0 8.3.11 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.11 PCI_DSS_v4.0_8.3.11 PCI DSS v4.0 8.3.11 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance PCI_DSS_v4.0 8.3.11 PCI_DSS_v4.0_8.3.11 PCI DSS v4.0 8.3.11 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance PCI_DSS_v4.0 8.3.2 PCI_DSS_v4.0_8.3.2 PCI DSS v4.0 8.3.2 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
37dbe3dc-0e9c-24fa-36f2-11197cbfa207 Ensure authorized users protect provided authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.2 PCI_DSS_v4.0_8.3.2 PCI DSS v4.0 8.3.2 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b4409bff-2287-8407-05fd-c73175a68302 Enforce a limit of consecutive failed login attempts Regulatory Compliance PCI_DSS_v4.0 8.3.4 PCI_DSS_v4.0_8.3.4 PCI DSS v4.0 8.3.4 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance PCI_DSS_v4.0 8.3.5 PCI_DSS_v4.0_8.3.5 PCI DSS v4.0 8.3.5 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration PCI_DSS_v4.0 8.3.6 PCI_DSS_v4.0_8.3.6 PCI DSS v4.0 8.3.6 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.8 PCI_DSS_v4.0_8.3.8 PCI DSS v4.0 8.3.8 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance PCI_DSS_v4.0 8.3.9 PCI_DSS_v4.0_8.3.9 PCI DSS v4.0 8.3.9 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance PCI_DSS_v4.0 8.3.9 PCI_DSS_v4.0_8.3.9 PCI DSS v4.0 8.3.9 Strong authentication for users and administrators is established and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center PCI_DSS_v4.0 8.4.1 PCI_DSS_v4.0_8.4.1 PCI DSS v4.0 8.4.1 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.4.2 PCI_DSS_v4.0_8.4.2 PCI DSS v4.0 8.4.2 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance PCI_DSS_v4.0 8.4.3 PCI_DSS_v4.0_8.4.3 PCI DSS v4.0 8.4.3 Multi-factor authentication (MFA) is implemented to secure access into the CDE PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance PCI_DSS_v4.0 8.5.1 PCI_DSS_v4.0_8.5.1 PCI DSS v4.0 8.5.1 Multi-factor authentication (MFA) systems are configured to prevent misuse PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance PCI_DSS_v4.0 8.6.1 PCI_DSS_v4.0_8.6.1 PCI DSS v4.0 8.6.1 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance PCI_DSS_v4.0 8.6.1 PCI_DSS_v4.0_8.6.1 PCI DSS v4.0 8.6.1 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance PCI_DSS_v4.0 8.6.2 PCI_DSS_v4.0_8.6.2 PCI DSS v4.0 8.6.2 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance PCI_DSS_v4.0 8.6.3 PCI_DSS_v4.0_8.6.3 PCI DSS v4.0 8.6.3 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance PCI_DSS_v4.0 8.6.3 PCI_DSS_v4.0_8.6.3 PCI DSS v4.0 8.6.3 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3ae68d9a-5696-8c32-62d3-c6f9c52e437c Refresh authenticators Regulatory Compliance PCI_DSS_v4.0 8.6.3 PCI_DSS_v4.0_8.6.3 PCI DSS v4.0 8.6.3 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance PCI_DSS_v4.0 8.6.3 PCI_DSS_v4.0_8.6.3 PCI DSS v4.0 8.6.3 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance PCI_DSS_v4.0 8.6.3 PCI_DSS_v4.0_8.6.3 PCI DSS v4.0 8.6.3 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance PCI_DSS_v4.0 8.6.3 PCI_DSS_v4.0_8.6.3 PCI DSS v4.0 8.6.3 Use of application and system accounts and associated authentication factors is strictly managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b4e19d22-8c0e-7cad-3219-c84c62dc250f Review and update media protection policies and procedures Regulatory Compliance PCI_DSS_v4.0 9.1.1 PCI_DSS_v4.0_9.1.1 PCI DSS v4.0 9.1.1 Processes and mechanisms for restricting physical access to cardholder data are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance PCI_DSS_v4.0 9.1.1 PCI_DSS_v4.0_9.1.1 PCI DSS v4.0 9.1.1 Processes and mechanisms for restricting physical access to cardholder data are defined and understood PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.2.2 PCI_DSS_v4.0_9.2.2 PCI DSS v4.0 9.2.2 Physical access controls manage entry into facilities and systems containing cardholder data PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.2.3 PCI_DSS_v4.0_9.2.3 PCI DSS v4.0 9.2.3 Physical access controls manage entry into facilities and systems containing cardholder data PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.2.3 PCI_DSS_v4.0_9.2.3 PCI DSS v4.0 9.2.3 Physical access controls manage entry into facilities and systems containing cardholder data PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.2.4 PCI_DSS_v4.0_9.2.4 PCI DSS v4.0 9.2.4 Physical access controls manage entry into facilities and systems containing cardholder data PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.2.4 PCI_DSS_v4.0_9.2.4 PCI DSS v4.0 9.2.4 Physical access controls manage entry into facilities and systems containing cardholder data PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.3.1 PCI_DSS_v4.0_9.3.1 PCI DSS v4.0 9.3.1 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.3.1.1 PCI_DSS_v4.0_9.3.1.1 PCI DSS v4.0 9.3.1.1 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.3.2 PCI_DSS_v4.0_9.3.2 PCI DSS v4.0 9.3.2 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.3.2 PCI_DSS_v4.0_9.3.2 PCI DSS v4.0 9.3.2 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.3.3 PCI_DSS_v4.0_9.3.3 PCI DSS v4.0 9.3.3 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.3.3 PCI_DSS_v4.0_9.3.3 PCI DSS v4.0 9.3.3 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.3.4 PCI_DSS_v4.0_9.3.4 PCI DSS v4.0 9.3.4 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.3.4 PCI_DSS_v4.0_9.3.4 PCI DSS v4.0 9.3.4 Physical access for personnel and visitors is authorized and managed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.1 PCI_DSS_v4.0_9.4.1 PCI DSS v4.0 9.4.1 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.1.1 PCI_DSS_v4.0_9.4.1.1 PCI DSS v4.0 9.4.1.1 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.2 PCI_DSS_v4.0_9.4.2 PCI DSS v4.0 9.4.2 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.3 PCI_DSS_v4.0_9.4.3 PCI DSS v4.0 9.4.3 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance PCI_DSS_v4.0 9.4.3 PCI_DSS_v4.0_9.4.3 PCI DSS v4.0 9.4.3 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.4 PCI_DSS_v4.0_9.4.4 PCI DSS v4.0 9.4.4 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance PCI_DSS_v4.0 9.4.4 PCI_DSS_v4.0_9.4.4 PCI DSS v4.0 9.4.4 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance PCI_DSS_v4.0 9.4.5.1 PCI_DSS_v4.0_9.4.5.1 PCI DSS v4.0 9.4.5.1 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance PCI_DSS_v4.0 9.4.5.1 PCI_DSS_v4.0_9.4.5.1 PCI DSS v4.0 9.4.5.1 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance PCI_DSS_v4.0 9.4.6 PCI_DSS_v4.0_9.4.6 PCI DSS v4.0 9.4.6 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance PCI_DSS_v4.0 9.4.6 PCI_DSS_v4.0_9.4.6 PCI DSS v4.0 9.4.6 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.6 PCI_DSS_v4.0_9.4.6 PCI DSS v4.0 9.4.6 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance PCI_DSS_v4.0 9.4.6 PCI_DSS_v4.0_9.4.6 PCI DSS v4.0 9.4.6 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance PCI_DSS_v4.0 9.4.7 PCI_DSS_v4.0_9.4.7 PCI DSS v4.0 9.4.7 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance PCI_DSS_v4.0 9.4.7 PCI_DSS_v4.0_9.4.7 PCI DSS v4.0 9.4.7 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance PCI_DSS_v4.0 9.4.7 PCI_DSS_v4.0_9.4.7 PCI DSS v4.0 9.4.7 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance PCI_DSS_v4.0 9.4.7 PCI_DSS_v4.0_9.4.7 PCI DSS v4.0 9.4.7 Media with cardholder data is securely stored, accessed, distributed, and destroyed PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.5.1 PCI_DSS_v4.0_9.5.1 PCI DSS v4.0 9.5.1 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance PCI_DSS_v4.0 9.5.1 PCI_DSS_v4.0_9.5.1 PCI DSS v4.0 9.5.1 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.5.1 PCI_DSS_v4.0_9.5.1 PCI DSS v4.0 9.5.1 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.5.1.2 PCI_DSS_v4.0_9.5.1.2 PCI DSS v4.0 9.5.1.2 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.5.1.2 PCI_DSS_v4.0_9.5.1.2 PCI DSS v4.0 9.5.1.2 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance PCI_DSS_v4.0 9.5.1.2 PCI_DSS_v4.0_9.5.1.2 PCI DSS v4.0 9.5.1.2 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance PCI_DSS_v4.0 9.5.1.2.1 PCI_DSS_v4.0_9.5.1.2.1 PCI DSS v4.0 9.5.1.2.1 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance PCI_DSS_v4.0 9.5.1.2.1 PCI_DSS_v4.0_9.5.1.2.1 PCI DSS v4.0 9.5.1.2.1 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance PCI_DSS_v4.0 9.5.1.2.1 PCI_DSS_v4.0_9.5.1.2.1 PCI DSS v4.0 9.5.1.2.1 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance PCI_DSS_v4.0 9.5.1.3 PCI_DSS_v4.0_9.5.1.3 PCI DSS v4.0 9.5.1.3 Point of interaction (POI) devices are protected from tampering and unauthorized substitution PCI DSS v4 (c676748e-3af9-4e22-bc28-50feed564afb)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 10.1 RBI_CSF_Banks_v2016_10.1 Secure Mail And Messaging Systems-10.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service RBI_CSF_Banks_v2016 10.2 RBI_CSF_Banks_v2016_10.2 Secure Mail And Messaging Systems-10.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1f7c564c-0a90-4d44-b7e1-9d456cffaee8 Endpoint protection should be installed on your machines Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2 Endpoint protection health issues should be resolved on your machines Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute RBI_CSF_Banks_v2016 13.1 RBI_CSF_Banks_v2016_13.1 Advanced Real-Timethreat Defenceand Management-13.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1f7c564c-0a90-4d44-b7e1-9d456cffaee8 Endpoint protection should be installed on your machines Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2 Endpoint protection health issues should be resolved on your machines Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center RBI_CSF_Banks_v2016 13.2 RBI_CSF_Banks_v2016_13.2 Advanced Real-Timethreat Defenceand Management-13.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RBI_CSF_Banks_v2016 13.3 RBI_CSF_Banks_v2016_13.3 Advanced Real-Timethreat Defenceand Management-13.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage RBI_CSF_Banks_v2016 13.4 RBI_CSF_Banks_v2016_13.4 Advanced Real-Timethreat Defenceand Management-13.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning RBI_CSF_Banks_v2016 14.1 RBI_CSF_Banks_v2016_14.1 Anti-Phishing-14.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy-15.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy-15.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy-15.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2 Endpoint protection health issues should be resolved on your machines Security Center RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy-15.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy-15.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1f7c564c-0a90-4d44-b7e1-9d456cffaee8 Endpoint protection should be installed on your machines Security Center RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy-15.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy-15.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy-15.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b2982f36-99f2-4db5-8eff-283140c09693 Storage accounts should disable public network access Storage RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL RBI_CSF_Banks_v2016 15.2 RBI_CSF_Banks_v2016_15.2 Data Leak Prevention Strategy-15.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center RBI_CSF_Banks_v2016 15.3 RBI_CSF_Banks_v2016_15.3 Data Leak Prevention Strategy-15.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1f7c564c-0a90-4d44-b7e1-9d456cffaee8 Endpoint protection should be installed on your machines Security Center RBI_CSF_Banks_v2016 15.3 RBI_CSF_Banks_v2016_15.3 Data Leak Prevention Strategy-15.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2 Endpoint protection health issues should be resolved on your machines Security Center RBI_CSF_Banks_v2016 15.3 RBI_CSF_Banks_v2016_15.3 Data Leak Prevention Strategy-15.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center RBI_CSF_Banks_v2016 15.3 RBI_CSF_Banks_v2016_15.3 Data Leak Prevention Strategy-15.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration RBI_CSF_Banks_v2016 15.3 RBI_CSF_Banks_v2016_15.3 Data Leak Prevention Strategy-15.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network RBI_CSF_Banks_v2016 16.1 RBI_CSF_Banks_v2016_16.1 Maintenance, Monitoring, And Analysis Of Audit Logs-16.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2f080164-9f4d-497e-9db6-416dc9f7b48a Network Watcher flow logs should have traffic analytics enabled Network RBI_CSF_Banks_v2016 16.1 RBI_CSF_Banks_v2016_16.1 Maintenance, Monitoring, And Analysis Of Audit Logs-16.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3 Log duration should be enabled for PostgreSQL database servers SQL RBI_CSF_Banks_v2016 16.1 RBI_CSF_Banks_v2016_16.1 Maintenance, Monitoring, And Analysis Of Audit Logs-16.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network RBI_CSF_Banks_v2016 16.1 RBI_CSF_Banks_v2016_16.1 Maintenance, Monitoring, And Analysis Of Audit Logs-16.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring RBI_CSF_Banks_v2016 16.1 RBI_CSF_Banks_v2016_16.1 Maintenance, Monitoring, And Analysis Of Audit Logs-16.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring RBI_CSF_Banks_v2016 16.2 RBI_CSF_Banks_v2016_16.2 Maintenance, Monitoring, And Analysis Of Audit Logs-16.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring RBI_CSF_Banks_v2016 16.2 RBI_CSF_Banks_v2016_16.2 Maintenance, Monitoring, And Analysis Of Audit Logs-16.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring RBI_CSF_Banks_v2016 16.2 RBI_CSF_Banks_v2016_16.2 Maintenance, Monitoring, And Analysis Of Audit Logs-16.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring RBI_CSF_Banks_v2016 16.2 RBI_CSF_Banks_v2016_16.2 Maintenance, Monitoring, And Analysis Of Audit Logs-16.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault RBI_CSF_Banks_v2016 16.3 RBI_CSF_Banks_v2016_16.3 Maintenance, Monitoring, And Analysis Of Audit Logs-16.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring RBI_CSF_Banks_v2016 16.3 RBI_CSF_Banks_v2016_16.3 Maintenance, Monitoring, And Analysis Of Audit Logs-16.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring RBI_CSF_Banks_v2016 16.3 RBI_CSF_Banks_v2016_16.3 Maintenance, Monitoring, And Analysis Of Audit Logs-16.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring RBI_CSF_Banks_v2016 16.3 RBI_CSF_Banks_v2016_16.3 Maintenance, Monitoring, And Analysis Of Audit Logs-16.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration RBI_CSF_Banks_v2016 17.1 RBI_CSF_Banks_v2016_17.1 Audit Log Settings-17.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 18.1 RBI_CSF_Banks_v2016_18.1 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 18.1 RBI_CSF_Banks_v2016_18.1 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 18.1 RBI_CSF_Banks_v2016_18.1 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 18.2 RBI_CSF_Banks_v2016_18.2 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 18.2 RBI_CSF_Banks_v2016_18.2 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 18.2 RBI_CSF_Banks_v2016_18.2 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 18.2 RBI_CSF_Banks_v2016_18.2 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 18.4 RBI_CSF_Banks_v2016_18.4 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center RBI_CSF_Banks_v2016 18.4 RBI_CSF_Banks_v2016_18.4 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 18.4 RBI_CSF_Banks_v2016_18.4 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center RBI_CSF_Banks_v2016 18.4 RBI_CSF_Banks_v2016_18.4 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center RBI_CSF_Banks_v2016 18.4 RBI_CSF_Banks_v2016_18.4 Vulnerability Assessment And Penetration Test And Red Team Exercises-18.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_CSF_Banks_v2016 19.2 RBI_CSF_Banks_v2016_19.2 Responding To Cyber-Incidents:-19.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.2 RBI_CSF_Banks_v2016_19.2 Responding To Cyber-Incidents:-19.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.2 RBI_CSF_Banks_v2016_19.2 Responding To Cyber-Incidents:-19.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 19.4 RBI_CSF_Banks_v2016_19.4 Recovery From Cyber - Incidents-19.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute RBI_CSF_Banks_v2016 19.4 RBI_CSF_Banks_v2016_19.4 Recovery From Cyber - Incidents-19.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RBI_CSF_Banks_v2016 19.5 RBI_CSF_Banks_v2016_19.5 Recovery From Cyber - Incidents-19.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 19.5 RBI_CSF_Banks_v2016_19.5 Recovery From Cyber - Incidents-19.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RBI_CSF_Banks_v2016 19.5 RBI_CSF_Banks_v2016_19.5 Recovery From Cyber - Incidents-19.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RBI_CSF_Banks_v2016 19.5 RBI_CSF_Banks_v2016_19.5 Recovery From Cyber - Incidents-19.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RBI_CSF_Banks_v2016 19.5 RBI_CSF_Banks_v2016_19.5 Recovery From Cyber - Incidents-19.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.6 RBI_CSF_Banks_v2016_19.6 Recovery From Cyber - Incidents-19.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_CSF_Banks_v2016 19.6 RBI_CSF_Banks_v2016_19.6 Recovery From Cyber - Incidents-19.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.6 RBI_CSF_Banks_v2016_19.6 Recovery From Cyber - Incidents-19.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 19.6 RBI_CSF_Banks_v2016_19.6 Recovery From Cyber - Incidents-19.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center RBI_CSF_Banks_v2016 19.6b RBI_CSF_Banks_v2016_19.6b Recovery From Cyber - Incidents-19.6b [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.6b RBI_CSF_Banks_v2016_19.6b Recovery From Cyber - Incidents-19.6b [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.6b RBI_CSF_Banks_v2016_19.6b Recovery From Cyber - Incidents-19.6b [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 19.6b RBI_CSF_Banks_v2016_19.6b Recovery From Cyber - Incidents-19.6b [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.6c RBI_CSF_Banks_v2016_19.6c Recovery From Cyber - Incidents-19.6c [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_CSF_Banks_v2016 19.6c RBI_CSF_Banks_v2016_19.6c Recovery From Cyber - Incidents-19.6c [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 19.6c RBI_CSF_Banks_v2016_19.6c Recovery From Cyber - Incidents-19.6c [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 19.6e RBI_CSF_Banks_v2016_19.6e Recovery From Cyber - Incidents-19.6e [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center RBI_CSF_Banks_v2016 2.1 RBI_CSF_Banks_v2016_2.1 Software Inventory-2.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center RBI_CSF_Banks_v2016 2.1 RBI_CSF_Banks_v2016_2.1 Software Inventory-2.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center RBI_CSF_Banks_v2016 2.2 RBI_CSF_Banks_v2016_2.2 Authorised Software Installation-2.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center RBI_CSF_Banks_v2016 2.2 RBI_CSF_Banks_v2016_2.2 Authorised Software Installation-2.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 2.3 RBI_CSF_Banks_v2016_2.3 Security Update Management-2.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 2.3 RBI_CSF_Banks_v2016_2.3 Security Update Management-2.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center RBI_CSF_Banks_v2016 2.3 RBI_CSF_Banks_v2016_2.3 Security Update Management-2.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center RBI_CSF_Banks_v2016 2.3 RBI_CSF_Banks_v2016_2.3 Security Update Management-2.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center RBI_CSF_Banks_v2016 2.3 RBI_CSF_Banks_v2016_2.3 Security Update Management-2.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center RBI_CSF_Banks_v2016 2.3 RBI_CSF_Banks_v2016_2.3 Security Update Management-2.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center RBI_CSF_Banks_v2016 2.3 RBI_CSF_Banks_v2016_2.3 Security Update Management-2.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 20.1 RBI_CSF_Banks_v2016_20.1 Risk Based Transaction Monitoring-20.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_CSF_Banks_v2016 20.1 RBI_CSF_Banks_v2016_20.1 Risk Based Transaction Monitoring-20.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 20.1 RBI_CSF_Banks_v2016_20.1 Risk Based Transaction Monitoring-20.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 20.1 RBI_CSF_Banks_v2016_20.1 Risk Based Transaction Monitoring-20.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 20.1 RBI_CSF_Banks_v2016_20.1 Risk Based Transaction Monitoring-20.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 20.1 RBI_CSF_Banks_v2016_20.1 Risk Based Transaction Monitoring-20.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL RBI_CSF_Banks_v2016 21.1 RBI_CSF_Banks_v2016_21.1 Metrics-21.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6d02d2f7-e38b-4bdc-96f3-adc0a8726abc Hotpatch should be enabled for Windows Server Azure Edition VMs Automanage RBI_CSF_Banks_v2016 21.2 RBI_CSF_Banks_v2016_21.2 Metrics-21.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center RBI_CSF_Banks_v2016 22.1 RBI_CSF_Banks_v2016_22.1 Forensics-22.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 4.10 RBI_CSF_Banks_v2016_4.10 Perimeter Protection And Detection-4.10 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2f080164-9f4d-497e-9db6-416dc9f7b48a Network Watcher flow logs should have traffic analytics enabled Network RBI_CSF_Banks_v2016 4.2 RBI_CSF_Banks_v2016_4.2 Network Inventory-4.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring RBI_CSF_Banks_v2016 4.2 RBI_CSF_Banks_v2016_4.2 Network Inventory-4.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center RBI_CSF_Banks_v2016 4.2 RBI_CSF_Banks_v2016_4.2 Network Inventory-4.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_CSF_Banks_v2016 4.2 RBI_CSF_Banks_v2016_4.2 Network Inventory-4.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center RBI_CSF_Banks_v2016 4.2 RBI_CSF_Banks_v2016_4.2 Network Inventory-4.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring RBI_CSF_Banks_v2016 4.2 RBI_CSF_Banks_v2016_4.2 Network Inventory-4.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 4.3 RBI_CSF_Banks_v2016_4.3 Network Device Configuration Management-4.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RBI_CSF_Banks_v2016 4.7 RBI_CSF_Banks_v2016_4.7 Anomaly Detection-4.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_CSF_Banks_v2016 4.9 RBI_CSF_Banks_v2016_4.9 Security Operation Centre-4.9 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration RBI_CSF_Banks_v2016 5.1 RBI_CSF_Banks_v2016_5.1 Secure Configuration-5.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center RBI_CSF_Banks_v2016 5.2 RBI_CSF_Banks_v2016_5.2 Secure Configuration-5.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6d02d2f7-e38b-4bdc-96f3-adc0a8726abc Hotpatch should be enabled for Windows Server Azure Edition VMs Automanage RBI_CSF_Banks_v2016 5.2 RBI_CSF_Banks_v2016_5.2 Secure Configuration-5.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center RBI_CSF_Banks_v2016 6.1 RBI_CSF_Banks_v2016_6.1 Application Security Life Cycle (Aslc)-6.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center RBI_CSF_Banks_v2016 6.3 RBI_CSF_Banks_v2016_6.3 Application Security Life Cycle (Aslc)-6.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
199d5677-e4d9-4264-9465-efe1839c06bd Application Insights components should block non-Azure Active Directory based ingestion. Monitoring RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0c4bd2e8-8872-4f37-a654-03f6f38ddc76 Application Insights components with Private Link enabled should use Bring Your Own Storage accounts for profiler and debugger. Monitoring RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc)-6.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center RBI_CSF_Banks_v2016 6.6 RBI_CSF_Banks_v2016_6.6 Application Security Life Cycle (Aslc)-6.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RBI_CSF_Banks_v2016 6.7 RBI_CSF_Banks_v2016_6.7 Application Security Life Cycle (Aslc)-6.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center RBI_CSF_Banks_v2016 6.7 RBI_CSF_Banks_v2016_6.7 Application Security Life Cycle (Aslc)-6.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network RBI_CSF_Banks_v2016 6.7 RBI_CSF_Banks_v2016_6.7 Application Security Life Cycle (Aslc)-6.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 7.1 RBI_CSF_Banks_v2016_7.1 Patch/Vulnerability & Change Management-7.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_CSF_Banks_v2016 7.2 RBI_CSF_Banks_v2016_7.2 Patch/Vulnerability & Change Management-7.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center RBI_CSF_Banks_v2016 7.6 RBI_CSF_Banks_v2016_7.6 Patch/Vulnerability & Change Management-7.6 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center RBI_CSF_Banks_v2016 7.7 RBI_CSF_Banks_v2016_7.7 Patch/Vulnerability & Change Management-7.7 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center RBI_CSF_Banks_v2016 8.1 RBI_CSF_Banks_v2016_8.1 User Access Control / Management-8.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.2 RBI_CSF_Banks_v2016_8.2 User Access Control / Management-8.2 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.3 RBI_CSF_Banks_v2016_8.3 User Access Control / Management-8.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center RBI_CSF_Banks_v2016 8.3 RBI_CSF_Banks_v2016_8.3 User Access Control / Management-8.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 8.3 RBI_CSF_Banks_v2016_8.3 User Access Control / Management-8.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center RBI_CSF_Banks_v2016 8.3 RBI_CSF_Banks_v2016_8.3 User Access Control / Management-8.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.3 RBI_CSF_Banks_v2016_8.3 User Access Control / Management-8.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service RBI_CSF_Banks_v2016 8.4 RBI_CSF_Banks_v2016_8.4 User Access Control / Management-8.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service RBI_CSF_Banks_v2016 8.4 RBI_CSF_Banks_v2016_8.4 User Access Control / Management-8.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center RBI_CSF_Banks_v2016 8.4 RBI_CSF_Banks_v2016_8.4 User Access Control / Management-8.4 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RBI_CSF_Banks_v2016 8.5 RBI_CSF_Banks_v2016_8.5 User Access Control / Management-8.5 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RBI_CSF_Banks_v2016 8.8 RBI_CSF_Banks_v2016_8.8 User Access Control / Management-8.8 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RBI_CSF_Banks_v2016 8.8 RBI_CSF_Banks_v2016_8.8 User Access Control / Management-8.8 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center RBI_CSF_Banks_v2016 9.1 RBI_CSF_Banks_v2016_9.1 Authentication Framework For Customers-9.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center RBI_CSF_Banks_v2016 9.1 RBI_CSF_Banks_v2016_9.1 Authentication Framework For Customers-9.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration RBI_CSF_Banks_v2016 9.1 RBI_CSF_Banks_v2016_9.1 Authentication Framework For Customers-9.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center RBI_CSF_Banks_v2016 9.1 RBI_CSF_Banks_v2016_9.1 Authentication Framework For Customers-9.1 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center RBI_CSF_Banks_v2016 9.3 RBI_CSF_Banks_v2016_9.3 Authentication Framework For Customers-9.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 9.3 RBI_CSF_Banks_v2016_9.3 Authentication Framework For Customers-9.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center RBI_CSF_Banks_v2016 9.3 RBI_CSF_Banks_v2016_9.3 Authentication Framework For Customers-9.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration RBI_CSF_Banks_v2016 9.3 RBI_CSF_Banks_v2016_9.3 Authentication Framework For Customers-9.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 9.3 RBI_CSF_Banks_v2016_9.3 Authentication Framework For Customers-9.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center RBI_CSF_Banks_v2016 9.3 RBI_CSF_Banks_v2016_9.3 Authentication Framework For Customers-9.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_CSF_Banks_v2016 9.3 RBI_CSF_Banks_v2016_9.3 Authentication Framework For Customers-9.3 [Preview]: Reserve Bank of India - IT Framework for Banks (d0d5578d-cc08-2b22-31e3-f525374f235a)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_ITF_NBFC_v2017 1 RBI_ITF_NBFC_v2017_1 RBI IT Framework 1 IT Governance-1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_ITF_NBFC_v2017 1.1 RBI_ITF_NBFC_v2017_1.1 RBI IT Framework 1.1 IT Governance-1.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RBI_ITF_NBFC_v2017 1.1 RBI_ITF_NBFC_v2017_1.1 RBI IT Framework 1.1 IT Governance-1.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_ITF_NBFC_v2017 1.1 RBI_ITF_NBFC_v2017_1.1 RBI IT Framework 1.1 IT Governance-1.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_ITF_NBFC_v2017 1.1 RBI_ITF_NBFC_v2017_1.1 RBI IT Framework 1.1 IT Governance-1.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center RBI_ITF_NBFC_v2017 2 RBI_ITF_NBFC_v2017_2 RBI IT Framework 2 IT Policy-2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center RBI_ITF_NBFC_v2017 2 RBI_ITF_NBFC_v2017_2 RBI IT Framework 2 IT Policy-2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_ITF_NBFC_v2017 3 RBI_ITF_NBFC_v2017_3 RBI IT Framework 3 Information Security-3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.a RBI_ITF_NBFC_v2017_3.1.a RBI IT Framework 3.1.a Identification and Classification of Information Assets-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service RBI_ITF_NBFC_v2017 3.1.b RBI_ITF_NBFC_v2017_3.1.b RBI IT Framework 3.1.b Segregation of Functions-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center RBI_ITF_NBFC_v2017 3.1.b RBI_ITF_NBFC_v2017_3.1.b RBI IT Framework 3.1.b Segregation of Functions-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service RBI_ITF_NBFC_v2017 3.1.b RBI_ITF_NBFC_v2017_3.1.b RBI IT Framework 3.1.b Segregation of Functions-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center RBI_ITF_NBFC_v2017 3.1.b RBI_ITF_NBFC_v2017_3.1.b RBI IT Framework 3.1.b Segregation of Functions-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service RBI_ITF_NBFC_v2017 3.1.b RBI_ITF_NBFC_v2017_3.1.b RBI IT Framework 3.1.b Segregation of Functions-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center RBI_ITF_NBFC_v2017 3.1.b RBI_ITF_NBFC_v2017_3.1.b RBI IT Framework 3.1.b Segregation of Functions-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring RBI_ITF_NBFC_v2017 3.1.c RBI_ITF_NBFC_v2017_3.1.c RBI IT Framework 3.1.c Role based Access Control-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RBI_ITF_NBFC_v2017 3.1.f RBI_ITF_NBFC_v2017_3.1.f RBI IT Framework 3.1.f Maker-checker-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3 Log duration should be enabled for PostgreSQL database servers SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2f080164-9f4d-497e-9db6-416dc9f7b48a Network Watcher flow logs should have traffic analytics enabled Network RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Trails-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest Storage RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service RBI_ITF_NBFC_v2017 3.1.h RBI_ITF_NBFC_v2017_3.1.h RBI IT Framework 3.1.h Public Key Infrastructure (PKI)-3.1 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_ITF_NBFC_v2017 3.3 RBI_ITF_NBFC_v2017_3.3 RBI IT Framework 3.3 Vulnerability Management-3.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
1151cede-290b-4ba0-8b38-0ad145ac888f Certificates should use allowed key types Key Vault RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
8e826246-c976-48f6-b03e-619bb92b3d82 Certificates should be issued by the specified integrated certificate authority Key Vault RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
cee51871-e572-4576-855c-047c820360f0 Certificates using RSA cryptography should have the specified minimum key size Key Vault RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
bd78111f-4953-4367-9fd5-7e08808b54bf Certificates using elliptic curve cryptography should have allowed curve names Key Vault RBI_ITF_NBFC_v2017 3.8 RBI_ITF_NBFC_v2017_3.8 RBI IT Framework 3.8 Digital Signatures-3.8 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring RBI_ITF_NBFC_v2017 4.2 RBI_ITF_NBFC_v2017_4.2 RBI IT Framework 4.2 IT Operations-4.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_ITF_NBFC_v2017 4.4a RBI_ITF_NBFC_v2017_4.4a RBI IT Framework 4.4.a IT Operations-4.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_ITF_NBFC_v2017 4.4a RBI_ITF_NBFC_v2017_4.4a RBI IT Framework 4.4.a IT Operations-4.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_ITF_NBFC_v2017 4.4a RBI_ITF_NBFC_v2017_4.4a RBI IT Framework 4.4.a IT Operations-4.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RBI_ITF_NBFC_v2017 4.4b RBI_ITF_NBFC_v2017_4.4b RBI IT Framework 4.4.b MIS For Top Management-4.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RBI_ITF_NBFC_v2017 4.4b RBI_ITF_NBFC_v2017_4.4b RBI IT Framework 4.4.b MIS For Top Management-4.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RBI_ITF_NBFC_v2017 4.4b RBI_ITF_NBFC_v2017_4.4b RBI IT Framework 4.4.b MIS For Top Management-4.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 Policy for Information System Audit (IS Audit)-5 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RBI_ITF_NBFC_v2017 5.2 RBI_ITF_NBFC_v2017_5.2 RBI IT Framework 5.2 Coverage-5.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RBI_ITF_NBFC_v2017 5.2 RBI_ITF_NBFC_v2017_5.2 RBI IT Framework 5.2 Coverage-5.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RBI_ITF_NBFC_v2017 5.2 RBI_ITF_NBFC_v2017_5.2 RBI IT Framework 5.2 Coverage-5.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RBI_ITF_NBFC_v2017 5.2 RBI_ITF_NBFC_v2017_5.2 RBI IT Framework 5.2 Coverage-5.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RBI_ITF_NBFC_v2017 6 RBI_ITF_NBFC_v2017_6 RBI IT Framework 6 Business Continuity Planning (BCP) and Disaster Recovery-6 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RBI_ITF_NBFC_v2017 6.2 RBI_ITF_NBFC_v2017_6.2 RBI IT Framework 6.2 Recovery strategy / Contingency Plan-6.2 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup RBI_ITF_NBFC_v2017 6.3 RBI_ITF_NBFC_v2017_6.3 RBI IT Framework 6.3 Recovery strategy / Contingency Plan-6.3 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup RBI_ITF_NBFC_v2017 6.4 RBI_ITF_NBFC_v2017_6.4 RBI IT Framework 6.4 Recovery strategy / Contingency Plan-6.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery RBI_ITF_NBFC_v2017 6.4 RBI_ITF_NBFC_v2017_6.4 RBI IT Framework 6.4 Recovery strategy / Contingency Plan-6.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup RBI_ITF_NBFC_v2017 6.4 RBI_ITF_NBFC_v2017_6.4 RBI IT Framework 6.4 Recovery strategy / Contingency Plan-6.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute RBI_ITF_NBFC_v2017 6.4 RBI_ITF_NBFC_v2017_6.4 RBI IT Framework 6.4 Recovery strategy / Contingency Plan-6.4 [Preview]: Reserve Bank of India - IT Framework for NBFC (7f89f09c-48c1-f28d-1bd5-84f3fb22f86c)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage RMiT_v1.0 10.16 RMiT_v1.0_10.16 RMiT 10.16 Cryptography - 10.16 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RMiT_v1.0 10.19 RMiT_v1.0_10.19 RMiT 10.19 Cryptography - 10.19 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes RMiT_v1.0 10.19 RMiT_v1.0_10.19 RMiT 10.19 Cryptography - 10.19 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL RMiT_v1.0 10.19 RMiT_v1.0_10.19 RMiT 10.19 Cryptography - 10.19 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL RMiT_v1.0 10.19 RMiT_v1.0_10.19 RMiT 10.19 Cryptography - 10.19 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center RMiT_v1.0 10.19 RMiT_v1.0_10.19 RMiT 10.19 Cryptography - 10.19 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network RMiT_v1.0 10.19 RMiT_v1.0_10.19 RMiT 10.19 Cryptography - 10.19 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service RMiT_v1.0 10.20 RMiT_v1.0_10.20 RMiT 10.20 Cryptography - 10.20 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service RMiT_v1.0 10.20 RMiT_v1.0_10.20 RMiT 10.20 Cryptography - 10.20 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute RMiT_v1.0 10.27 RMiT_v1.0_10.27 RMiT 10.27 Datacenter Operations - 10.27 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3c1b3629-c8f8-4bf6-862c-037cb9094038 Deploy - Configure Log Analytics extension to be enabled on Windows virtual machine scale sets Monitoring RMiT_v1.0 10.27 RMiT_v1.0_10.27 RMiT 10.27 Datacenter Operations - 10.27 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring RMiT_v1.0 10.30 RMiT_v1.0_10.30 RMiT 10.30 Datacenter Operations - 10.30 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup RMiT_v1.0 10.30 RMiT_v1.0_10.30 RMiT 10.30 Datacenter Operations - 10.30 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a3701552-92ea-433e-9d17-33b7f1208fc9 Configure Container registries to disable public network access Container Registry RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b Configure Azure SQL Server to disable public network access SQL RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8e8ca470-d980-4831-99e6-dc70d9f6af87 Configure Azure SQL Server to enable private endpoint connections SQL RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0e07b2e9-6cd9-4c40-9ccb-52817b95133b Modify - Configure Azure File Sync to disable public network access Storage RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8426280e-b5be-43d9-979e-653d12a08638 Configure managed disks to disable public network access Compute RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
73290fa2-dfa7-4bbb-945d-a5e23b75df2c Configure App Configuration to disable public network access App Configuration RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience - 10.33 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network RMiT_v1.0 10.35 RMiT_v1.0_10.35 RMiT 10.35 Network Resilience - 10.35 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3c1b3629-c8f8-4bf6-862c-037cb9094038 Deploy - Configure Log Analytics extension to be enabled on Windows virtual machine scale sets Monitoring RMiT_v1.0 10.35 RMiT_v1.0_10.35 RMiT 10.35 Network Resilience - 10.35 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8e7da0a5-0a0e-4bbc-bfc0-7773c018b616 Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with custom workspace. Security Center RMiT_v1.0 10.38 RMiT_v1.0_10.38 RMiT 10.38 Network Resilience - 10.38 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6df2fee6-a9ed-4fef-bced-e13be1b25f1c Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with default workspace. Security Center RMiT_v1.0 10.38 RMiT_v1.0_10.38 RMiT 10.38 Network Resilience - 10.38 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
50b83b09-03da-41c1-b656-c293c914862b A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections Network RMiT_v1.0 10.39 RMiT_v1.0_10.39 RMiT 10.39 Network Resilience - 10.39 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network RMiT_v1.0 10.39 RMiT_v1.0_10.39 RMiT 10.39 Network Resilience - 10.39 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network RMiT_v1.0 10.39 RMiT_v1.0_10.39 RMiT 10.39 Network Resilience - 10.39 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General RMiT_v1.0 10.49 RMiT_v1.0_10.49 RMiT 10.49 Cloud Services - 10.49 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center RMiT_v1.0 10.49 RMiT_v1.0_10.49 RMiT 10.49 Cloud Services - 10.49 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center RMiT_v1.0 10.49 RMiT_v1.0_10.49 RMiT 10.49 Cloud Services - 10.49 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL RMiT_v1.0 10.49 RMiT_v1.0_10.49 RMiT 10.49 Cloud Services - 10.49 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a9934fd7-29f2-4e6d-ab3d-607ea38e9079 SQL Managed Instances should avoid using GRS backup redundancy SQL RMiT_v1.0 10.49 RMiT_v1.0_10.49 RMiT 10.49 Cloud Services - 10.49 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13 SQL Database should avoid using GRS backup redundancy SQL RMiT_v1.0 10.49 RMiT_v1.0_10.49 RMiT 10.49 Cloud Services - 10.49 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services - 10.51 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services - 10.51 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services - 10.51 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services - 10.51 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services - 10.51 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services - 10.51 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL RMiT_v1.0 10.51 RMiT_v1.0_10.51 RMiT 10.51 Cloud Services - 10.51 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub RMiT_v1.0 10.53 RMiT_v1.0_10.53 RMiT 10.53 Cloud Services - 10.53 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RMiT_v1.0 10.54 RMiT_v1.0_10.54 RMiT 10.54 Access Control - 10.54 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined Event Hub RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes RMiT_v1.0 10.55 RMiT_v1.0_10.55 RMiT 10.55 Access Control - 10.55 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center RMiT_v1.0 10.58 RMiT_v1.0_10.58 RMiT 10.58 Access Control - 10.58 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center RMiT_v1.0 10.58 RMiT_v1.0_10.58 RMiT 10.58 Access Control - 10.58 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center RMiT_v1.0 10.58 RMiT_v1.0_10.58 RMiT 10.58 Access Control - 10.58 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RMiT_v1.0 10.60 RMiT_v1.0_10.60 RMiT 10.60 Access Control - 10.60 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RMiT_v1.0 10.60 RMiT_v1.0_10.60 RMiT 10.60 Access Control - 10.60 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center RMiT_v1.0 10.61 RMiT_v1.0_10.61 RMiT 10.61 Access Control - 10.61 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center RMiT_v1.0 10.62 RMiT_v1.0_10.62 RMiT 10.62 Access Control - 10.62 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General RMiT_v1.0 10.62 RMiT_v1.0_10.62 RMiT 10.62 Access Control - 10.62 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center RMiT_v1.0 10.63 RMiT_v1.0_10.63 RMiT 10.63 Patch and End-of-Life System Management - 10.63 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute RMiT_v1.0 10.63 RMiT_v1.0_10.63 RMiT 10.63 Patch and End-of-Life System Management - 10.63 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center RMiT_v1.0 10.65 RMiT_v1.0_10.65 RMiT 10.65 Patch and End-of-Life System Management - 10.65 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center RMiT_v1.0 10.65 RMiT_v1.0_10.65 RMiT 10.65 Patch and End-of-Life System Management - 10.65 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center RMiT_v1.0 10.65 RMiT_v1.0_10.65 RMiT 10.65 Patch and End-of-Life System Management - 10.65 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03 Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b889a06c-ec72-4b03-910a-cb169ee18721 Deploy Diagnostic Settings for Logic Apps to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a1dae6c7-13f3-48ea-a149-ff8442661f60 Deploy Diagnostic Settings for Logic Apps to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
04d53d87-841c-4f23-8a5b-21564380b55e Deploy Diagnostic Settings for Service Bus to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
bef3f64c-5290-43b7-85b0-9b254eef4c47 Deploy Diagnostic Settings for Key Vault to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6b51af03-9277-49a9-a3f8-1c69c9ff7403 Deploy Diagnostic Settings for Service Bus to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0868462e-646c-4fe3-9ced-a733534b6a2c Deploy - Configure Log Analytics extension to be enabled on Windows virtual machines Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
08ba64b8-738f-4918-9686-730d2ed79c7d Deploy Diagnostic Settings for Search Services to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4daddf25-4823-43d4-88eb-2419eb6dcc08 Deploy Diagnostic Settings for Data Lake Analytics to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1f6e93e8-6b31-41b1-83f6-36e449a42579 Deploy Diagnostic Settings for Event Hub to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
237e0f7e-b0e8-4ec4-ad46-8c12cb66d673 Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c84e5349-db6d-4769-805e-e14037dab9b5 Deploy Diagnostic Settings for Batch Account to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
25763a0a-5783-4f14-969e-79d4933eb74b Deploy Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3d5da587-71bd-41f5-ac95-dd3330c2d58d Deploy Diagnostic Settings for Search Services to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ef7b61ef-b8e4-4c91-8e78-6946c6b0023f Deploy Diagnostic Settings for Event Hub to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b79fa14e-238a-4c2d-b376-442ce508fc84 Deploy - Configure diagnostic settings for SQL Databases to Log Analytics workspace SQL RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e8d096bc-85de-4c5f-8cfb-857bd1b9d62d Deploy Diagnostic Settings for Data Lake Storage Gen1 to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
edf3780c-3d70-40fe-b17e-ab72013dafca Deploy Diagnostic Settings for Stream Analytics to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
db51110f-0865-4a6e-b274-e2e07a5b2cd7 Deploy Diagnostic Settings for Batch Account to Event Hub Monitoring RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services - 10.66 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service RMiT_v1.0 10.68 RMiT_v1.0_10.68 RMiT 10.68 Security of Digital Services - 10.68 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service RMiT_v1.0 10.68 RMiT_v1.0_10.68 RMiT 10.68 Security of Digital Services - 10.68 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network RMiT_v1.0 11.13 RMiT_v1.0_11.13 RMiT 11.13 Distributed Denial of Service (DDoS) - 11.13 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0e07b2e9-6cd9-4c40-9ccb-52817b95133b Modify - Configure Azure File Sync to disable public network access Storage RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b Configure Azure SQL Server to disable public network access SQL RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a3701552-92ea-433e-9d17-33b7f1208fc9 Configure Container registries to disable public network access Container Registry RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8426280e-b5be-43d9-979e-653d12a08638 Configure managed disks to disable public network access Compute RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
73290fa2-dfa7-4bbb-945d-a5e23b75df2c Configure App Configuration to disable public network access App Configuration RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault RMiT_v1.0 11.15 RMiT_v1.0_11.15 RMiT 11.15 Data Loss Prevention (DLP) - 11.15 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center RMiT_v1.0 11.17 RMiT_v1.0_11.17 RMiT 11.17 Security Operations Centre (SOC) - 11.17 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center RMiT_v1.0 11.17 RMiT_v1.0_11.17 RMiT 11.17 Security Operations Centre (SOC) - 11.17 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center RMiT_v1.0 11.17 RMiT_v1.0_11.17 RMiT 11.17 Security Operations Centre (SOC) - 11.17 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center RMiT_v1.0 11.17 RMiT_v1.0_11.17 RMiT 11.17 Security Operations Centre (SOC) - 11.17 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3 Log duration should be enabled for PostgreSQL database servers SQL RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) - 11.18 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute RMiT_v1.0 11.2 RMiT_v1.0_11.2 RMiT 11.2 Cyber Risk Management - 11.2 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute RMiT_v1.0 11.20 RMiT_v1.0_11.20 RMiT 11.20 Security Operations Centre (SOC) - 11.20 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
09ce66bc-1220-4153-8104-e3f51c936913 Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location Backup RMiT_v1.0 11.4 RMiT_v1.0_11.4 RMiT 11.4 Cyber Risk Management - 11.4 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute RMiT_v1.0 11.4 RMiT_v1.0_11.4 RMiT 11.4 Cyber Risk Management - 11.4 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6c112d4e-5bc7-47ae-a041-ea2d9dccd749 Not allowed resource types General RMiT_v1.0 11.4 RMiT_v1.0_11.4 RMiT 11.4 Cyber Risk Management - 11.4 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center RMiT_v1.0 11.5 RMiT_v1.0_11.5 RMiT 11.5 Cybersecurity Operations - 11.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
361c2074-3595-4e5d-8cab-4f21dffc835c Deploy Defender for Storage (Classic) on storage accounts Storage RMiT_v1.0 11.5 RMiT_v1.0_11.5 RMiT 11.5 Cybersecurity Operations - 11.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center RMiT_v1.0 11.5 RMiT_v1.0_11.5 RMiT 11.5 Cybersecurity Operations - 11.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center RMiT_v1.0 11.5 RMiT_v1.0_11.5 RMiT 11.5 Cybersecurity Operations - 11.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RMiT_v1.0 11.5 RMiT_v1.0_11.5 RMiT 11.5 Cybersecurity Operations - 11.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RMiT_v1.0 11.5 RMiT_v1.0_11.5 RMiT 11.5 Cybersecurity Operations - 11.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL RMiT_v1.0 11.8 RMiT_v1.0_11.8 RMiT 11.8 Cybersecurity Operations - 11.8 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center RMiT_v1.0 11.8 RMiT_v1.0_11.8 RMiT 11.8 Cybersecurity Operations - 11.8 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL RMiT_v1.0 11.8 RMiT_v1.0_11.8 RMiT 11.8 Cybersecurity Operations - 11.8 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center RMiT_v1.0 Appendix_5.2 RMiT_v1.0_Appendix_5.2 RMiT Appendix 5.2 Control Measures on Cybersecurity - Appendix 5.2 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center RMiT_v1.0 Appendix_5.2 RMiT_v1.0_Appendix_5.2 RMiT Appendix 5.2 Control Measures on Cybersecurity - Appendix 5.2 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service RMiT_v1.0 Appendix_5.3 RMiT_v1.0_Appendix_5.3 RMiT Appendix 5.3 Control Measures on Cybersecurity - Appendix 5.3 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
50b83b09-03da-41c1-b656-c293c914862b A custom IPsec/IKE policy must be applied to all Azure virtual network gateway connections Network RMiT_v1.0 Appendix_5.5 RMiT_v1.0_Appendix_5.5 RMiT Appendix 5.5 Control Measures on Cybersecurity - Appendix 5.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes RMiT_v1.0 Appendix_5.5 RMiT_v1.0_Appendix_5.5 RMiT Appendix 5.5 Control Measures on Cybersecurity - Appendix 5.5 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3375856c-3824-4e0e-ae6a-79e011dd4c47 MySQL server should use a virtual network service endpoint SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
dfbd9a64-6114-48de-a47d-90574dc2e489 MariaDB server should use a virtual network service endpoint SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
425bea59-a659-4cbb-8d31-34499bd030b8 Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service Network RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
3c14b034-bcb6-4905-94e7-5b8e98a47b65 PostgreSQL server should use a virtual network service endpoint SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL RMiT_v1.0 Appendix_5.6 RMiT_v1.0_Appendix_5.6 RMiT Appendix 5.6 Control Measures on Cybersecurity - Appendix 5.6 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
8e8ca470-d980-4831-99e6-dc70d9f6af87 Configure Azure SQL Server to enable private endpoint connections SQL RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity - Appendix 5.7 RMIT Malaysia (97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
e765b5de-1225-4ba3-bd56-1ac6695af988 Allowed locations for resource groups General SO.1 - Data Residency SO.1 - Data Residency 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea), [Preview]: Sovereignty Baseline - Global Policies (c1cbff38-87c0-4b9f-9f70-035c7a3b5523)
e56962a6-4747-49cd-b67b-bf8b01975c4c Allowed locations General SO.1 - Data Residency SO.1 - Data Residency 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea), [Preview]: Sovereignty Baseline - Global Policies (c1cbff38-87c0-4b9f-9f70-035c7a3b5523)
0473574d-2d43-4217-aefe-941fcdf7e684 Azure Cosmos DB allowed locations Cosmos DB SO.1 - Data Residency SO.1 - Data Residency 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea), [Preview]: Sovereignty Baseline - Global Policies (c1cbff38-87c0-4b9f-9f70-035c7a3b5523)
7c322315-e26d-4174-a99e-f49d351b4688 Table Storage should use customer-managed key for encryption Storage SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
f0e5abd0-2554-4736-b7c0-4ffef23475ef Queue Storage should use customer-managed key for encryption Storage SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage SO .3 - Customer-Managed Keys SO.3 - Customer-Managed Keys 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
cccc23c7-8427-4f53-ad12-b6a63eb452b3 Allowed virtual machine size SKUs Compute SO .4 - Azure Confidential Computing SO.4 - Azure Confidential Computing 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
a08ec900-254a-4555-9bf5-e42af04b5c5c Allowed resource types General SO .4 - Azure Confidential Computing SO.4 - Azure Confidential Computing 404 not found [Preview]: Sovereignty Baseline - Confidential Policies (03de05a4-c324-4ccd-882f-a814ea8ab9ea)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance SOC_2 A1.1 SOC_2_A1.1 SOC 2 Type 2 A1.1 Capacity management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL SOC_2 A1.2 SOC_2_A1.2 SOC 2 Type 2 A1.2 Environmental protections, software, data back-up processes, and recovery infrastructure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Initiate contingency plan testing corrective actions Regulatory Compliance SOC_2 A1.3 SOC_2_A1.3 SOC 2 Type 2 A1.3 Recovery plan testing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SOC_2 A1.3 SOC_2_A1.3 SOC 2 Type 2 A1.3 Recovery plan testing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5d3abfea-a130-1208-29c0-e57de80aa6b0 Review the results of contingency plan testing Regulatory Compliance SOC_2 A1.3 SOC_2_A1.3 SOC 2 Type 2 A1.3 Recovery plan testing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
58a51cde-008b-1a5d-61b5-d95849770677 Test the business continuity and disaster recovery plan Regulatory Compliance SOC_2 A1.3 SOC_2_A1.3 SOC 2 Type 2 A1.3 Recovery plan testing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 C1.1 SOC_2_C1.1 SOC 2 Type 2 C1.1 Protection of confidential information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 C1.1 SOC_2_C1.1 SOC 2 Type 2 C1.1 Protection of confidential information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 C1.1 SOC_2_C1.1 SOC 2 Type 2 C1.1 Protection of confidential information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 C1.2 SOC_2_C1.2 SOC 2 Type 2 C1.2 Disposal of confidential information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 C1.2 SOC_2_C1.2 SOC 2 Type 2 C1.2 Disposal of confidential information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 C1.2 SOC_2_C1.2 SOC 2 Type 2 C1.2 Disposal of confidential information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6c0a312f-04c5-5c97-36a5-e56763a02b6b Review and sign revised rules of behavior Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Prohibit unfair practices Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7ad83b58-2042-085d-08f0-13e946f26f89 Update rules of behavior and access agreements every 3 years Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d02498e0-8a6f-6b02-8332-19adf6711d1e Develop organization code of conduct policy Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6610f662-37e9-2f71-65be-502bdc2f554d Update rules of behavior and access agreements Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance SOC_2 CC1.1 SOC_2_CC1.1 SOC 2 Type 2 CC1.1 COSO Principle 1 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance SOC_2 CC1.2 SOC_2_CC1.2 SOC 2 Type 2 CC1.2 COSO Principle 2 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance SOC_2 CC1.2 SOC_2_CC1.2 SOC 2 Type 2 CC1.2 COSO Principle 2 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance SOC_2 CC1.2 SOC_2_CC1.2 SOC 2 Type 2 CC1.2 COSO Principle 2 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance SOC_2 CC1.2 SOC_2_CC1.2 SOC 2 Type 2 CC1.2 COSO Principle 2 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC1.2 SOC_2_CC1.2 SOC 2 Type 2 CC1.2 COSO Principle 2 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC1.3 SOC_2_CC1.3 SOC 2 Type 2 CC1.3 COSO Principle 3 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Appoint a senior information security officer Regulatory Compliance SOC_2 CC1.3 SOC_2_CC1.3 SOC 2 Type 2 CC1.3 COSO Principle 3 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance SOC_2 CC1.3 SOC_2_CC1.3 SOC 2 Type 2 CC1.3 COSO Principle 3 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance SOC_2 CC1.3 SOC_2_CC1.3 SOC 2 Type 2 CC1.3 COSO Principle 3 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance SOC_2 CC1.3 SOC_2_CC1.3 SOC 2 Type 2 CC1.3 COSO Principle 3 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance SOC_2 CC1.4 SOC_2_CC1.4 SOC 2 Type 2 CC1.4 COSO Principle 4 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance SOC_2 CC1.4 SOC_2_CC1.4 SOC 2 Type 2 CC1.4 COSO Principle 4 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance SOC_2 CC1.4 SOC_2_CC1.4 SOC 2 Type 2 CC1.4 COSO Principle 4 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance SOC_2 CC1.4 SOC_2_CC1.4 SOC 2 Type 2 CC1.4 COSO Principle 4 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance SOC_2 CC1.4 SOC_2_CC1.4 SOC 2 Type 2 CC1.4 COSO Principle 4 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5decc032-95bd-2163-9549-a41aba83228e Implement formal sanctions process Regulatory Compliance SOC_2 CC1.5 SOC_2_CC1.5 SOC 2 Type 2 CC1.5 COSO Principle 5 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance SOC_2 CC1.5 SOC_2_CC1.5 SOC 2 Type 2 CC1.5 COSO Principle 5 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance SOC_2 CC1.5 SOC_2_CC1.5 SOC 2 Type 2 CC1.5 COSO Principle 5 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6228396e-2ace-7ca5-3247-45767dbf52f4 Notify personnel upon sanctions Regulatory Compliance SOC_2 CC1.5 SOC_2_CC1.5 SOC 2 Type 2 CC1.5 COSO Principle 5 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 CC2.1 SOC_2_CC2.1 SOC 2 Type 2 CC2.1 COSO Principle 13 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 CC2.1 SOC_2_CC2.1 SOC 2 Type 2 CC2.1 COSO Principle 13 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 CC2.1 SOC_2_CC2.1 SOC 2 Type 2 CC2.1 COSO Principle 13 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
509552f5-6528-3540-7959-fbeae4832533 Enforce rules of behavior and access agreements Regulatory Compliance SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
42116f15-5665-a52a-87bb-b40e64c74b6c Develop acceptable use policies and procedures Regulatory Compliance SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2 CC2.2 SOC_2_CC2.2 SOC 2 Type 2 CC2.2 COSO Principle 14 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance SOC_2 CC2.3 SOC_2_CC2.3 SOC 2 Type 2 CC2.3 COSO Principle 15 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
dbcef108-7a04-38f5-8609-99da110a2a57 Determine information protection needs Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6b957f60-54cd-5752-44d5-ff5a64366c93 Develop SSP that meets criteria Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 CC3.1 SOC_2_CC3.1 SOC 2 Type 2 CC3.1 COSO Principle 6 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
11ba0508-58a8-44de-5f3a-9e05d80571da Develop business classification schemes Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
93fa357f-2e38-22a9-5138-8cc5124e1923 Categorize information Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
dbcef108-7a04-38f5-8609-99da110a2a57 Determine information protection needs Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC3.2 SOC_2_CC3.2 SOC 2 Type 2 CC3.2 COSO Principle 7 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC3.3 SOC_2_CC3.3 SOC 2 Type 2 CC3.3 COSO Principle 8 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance SOC_2 CC3.4 SOC_2_CC3.4 SOC 2 Type 2 CC3.4 COSO Principle 9 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance SOC_2 CC3.4 SOC_2_CC3.4 SOC 2 Type 2 CC3.4 COSO Principle 9 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance SOC_2 CC3.4 SOC_2_CC3.4 SOC 2 Type 2 CC3.4 COSO Principle 9 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC3.4 SOC_2_CC3.4 SOC 2 Type 2 CC3.4 COSO Principle 9 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SOC_2 CC3.4 SOC_2_CC3.4 SOC 2 Type 2 CC3.4 COSO Principle 9 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC3.4 SOC_2_CC3.4 SOC 2 Type 2 CC3.4 COSO Principle 9 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Develop security assessment plan Regulatory Compliance SOC_2 CC4.1 SOC_2_CC4.1 SOC 2 Type 2 CC4.1 COSO Principle 16 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f78fc35e-1268-0bca-a798-afcba9d2330a Select additional testing for security control assessments Regulatory Compliance SOC_2 CC4.1 SOC_2_CC4.1 SOC 2 Type 2 CC4.1 COSO Principle 16 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c423e64d-995c-9f67-0403-b540f65ba42a Assess Security Controls Regulatory Compliance SOC_2 CC4.1 SOC_2_CC4.1 SOC 2 Type 2 CC4.1 COSO Principle 16 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8e49107c-3338-40d1-02aa-d524178a2afe Deliver security assessment results Regulatory Compliance SOC_2 CC4.2 SOC_2_CC4.2 SOC 2 Type 2 CC4.2 COSO Principle 17 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
70a7a065-a060-85f8-7863-eb7850ed2af9 Produce Security Assessment report Regulatory Compliance SOC_2 CC4.2 SOC_2_CC4.2 SOC 2 Type 2 CC4.2 COSO Principle 17 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC5.1 SOC_2_CC5.1 SOC 2 Type 2 CC5.1 COSO Principle 10 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC5.1 SOC_2_CC5.1 SOC 2 Type 2 CC5.1 COSO Principle 10 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance SOC_2 CC5.2 SOC_2_CC5.2 SOC 2 Type 2 CC5.2 COSO Principle 11 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC5.3 SOC_2_CC5.3 SOC 2 Type 2 CC5.3 COSO Principle 12 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2927e340-60e4-43ad-6b5f-7a1468232cc2 Configure detection whitelist Regulatory Compliance SOC_2 CC5.3 SOC_2_CC5.3 SOC 2 Type 2 CC5.3 COSO Principle 12 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance SOC_2 CC5.3 SOC_2_CC5.3 SOC 2 Type 2 CC5.3 COSO Principle 12 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance SOC_2 CC5.3 SOC_2_CC5.3 SOC 2 Type 2 CC5.3 COSO Principle 12 SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
92ede480-154e-0e22-4dca-8b46a74a3a51 Maintain records of processing of personal data Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
043c1e56-5a16-52f8-6af8-583098ff3e60 Create a data inventory Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL SOC_2 CC6.1 SOC_2_CC6.1 SOC 2 Type 2 CC6.1 Logical access security software, infrastructure, and architectures SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center SOC_2 CC6.2 SOC_2_CC6.2 SOC 2 Type 2 CC6.2 Access provisioning and removal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance SOC_2 CC6.3 SOC_2_CC6.3 SOC 2 Type 2 CC6.3 Role based access and least privilege SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 CC6.4 SOC_2_CC6.4 SOC 2 Type 2 CC6.4 Restricted physical access SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance SOC_2 CC6.5 SOC_2_CC6.5 SOC 2 Type 2 CC6.5 Logical and physical protections over physical assets SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance SOC_2 CC6.5 SOC_2_CC6.5 SOC 2 Type 2 CC6.5 Logical and physical protections over physical assets SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance SOC_2 CC6.6 SOC_2_CC6.6 SOC 2 Type 2 CC6.6 Security measures against threats outside system boundaries SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Define mobile device requirements Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
eaaae23f-92c9-4460-51cf-913feaea4d52 Employ a media sanitization mechanism Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SOC_2 CC6.7 SOC_2_CC6.7 SOC 2 Type 2 CC6.7 Restrict the movement of information to authorized users SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2 Endpoint protection health issues should be resolved on your machines Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1f7c564c-0a90-4d44-b7e1-9d456cffaee8 Endpoint protection should be installed on your machines Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance SOC_2 CC6.8 SOC_2_CC6.8 SOC 2 Type 2 CC6.8 Prevent or detect against unauthorized or malicious software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
426c172c-9914-10d1-25dd-669641fc1af4 Enable detection of network devices Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 Detection and monitoring of new vulnerabilities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration SOC_2 CC7.2 SOC_2_CC7.2 SOC 2 Type 2 CC7.2 Monitor system components for anomalous behavior SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance SOC_2 CC7.3 SOC_2_CC7.3 SOC 2 Type 2 CC7.3 Security incidents detection SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1e0d5ba8-a433-01aa-829c-86b06c9631ec Include dynamic reconfig of customer deployed resources Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SOC_2 CC7.4 SOC_2_CC7.4 SOC 2 Type 2 CC7.4 Security incidents response SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d4e6a629-28eb-79a9-000b-88030e4823ca Coordinate with external organizations to achieve cross org perspective Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 Recovery from identified security incidents SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes SOC_2 CC8.1 SOC_2_CC8.1 SOC 2 Type 2 CC8.1 Changes to infrastructure, data, and software SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SOC_2 CC9.1 SOC_2_CC9.1 SOC 2 Type 2 CC9.1 Risk mitigation activities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SOC_2 CC9.1 SOC_2_CC9.1 SOC 2 Type 2 CC9.1 Risk mitigation activities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
dbcef108-7a04-38f5-8609-99da110a2a57 Determine information protection needs Regulatory Compliance SOC_2 CC9.1 SOC_2_CC9.1 SOC 2 Type 2 CC9.1 Risk mitigation activities SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f8ded0c6-a668-9371-6bb6-661d58787198 Monitor third-party provider compliance Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e8c31e15-642d-600f-78ab-bad47a5787e6 Require third-party providers to comply with personnel security policies and procedures Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
3881168c-5d38-6f04-61cc-b5d87b2c4c58 Establish third-party personnel security requirements Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance SOC_2 CC9.2 SOC_2_CC9.2 SOC 2 Type 2 CC9.2 Vendors and business partners risk management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance SOC_2 P1.1 SOC_2_P1.1 SOC 2 Type 2 P1.1 Privacy notice SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance SOC_2 P1.1 SOC_2_P1.1 SOC 2 Type 2 P1.1 Privacy notice SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ee67c031-57fc-53d0-0cca-96c4c04345e8 Document and distribute a privacy policy Regulatory Compliance SOC_2 P1.1 SOC_2_P1.1 SOC 2 Type 2 P1.1 Privacy notice SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1beb1269-62ee-32cd-21ad-43d6c9750eb6 Ensure privacy program information is publicly available Regulatory Compliance SOC_2 P1.1 SOC_2_P1.1 SOC 2 Type 2 P1.1 Privacy notice SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5023a9e7-8e64-2db6-31dc-7bce27f796af Provide privacy notice to the public and to individuals Regulatory Compliance SOC_2 P1.1 SOC_2_P1.1 SOC 2 Type 2 P1.1 Privacy notice SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
271a3e58-1b38-933d-74c9-a580006b80aa Document personnel acceptance of privacy requirements Regulatory Compliance SOC_2 P2.1 SOC_2_P2.1 SOC 2 Type 2 P2.1 Privacy consent SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance SOC_2 P2.1 SOC_2_P2.1 SOC 2 Type 2 P2.1 Privacy consent SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance SOC_2 P2.1 SOC_2_P2.1 SOC 2 Type 2 P2.1 Privacy consent SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance SOC_2 P2.1 SOC_2_P2.1 SOC 2 Type 2 P2.1 Privacy consent SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance SOC_2 P3.1 SOC_2_P3.1 SOC 2 Type 2 P3.1 Consistent personal information collection SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
18e7906d-4197-20fa-2f14-aaac21864e71 Document process to ensure integrity of PII Regulatory Compliance SOC_2 P3.1 SOC_2_P3.1 SOC 2 Type 2 P3.1 Consistent personal information collection SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
7d70383a-32f4-a0c2-61cf-a134851968c2 Determine legal authority to collect PII Regulatory Compliance SOC_2 P3.1 SOC_2_P3.1 SOC 2 Type 2 P3.1 Consistent personal information collection SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance SOC_2 P3.1 SOC_2_P3.1 SOC 2 Type 2 P3.1 Consistent personal information collection SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
964b340a-43a4-4798-2af5-7aedf6cb001b Collect PII directly from the individual Regulatory Compliance SOC_2 P3.2 SOC_2_P3.2 SOC 2 Type 2 P3.2 Personal information explicit consent SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance SOC_2 P3.2 SOC_2_P3.2 SOC 2 Type 2 P3.2 Personal information explicit consent SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
79c75b38-334b-1a69-65e0-a9d929a42f75 Document the legal basis for processing personal information Regulatory Compliance SOC_2 P4.1 SOC_2_P4.1 SOC 2 Type 2 P4.1 Personal information use SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
069101ac-4578-31da-0cd4-ff083edd3eb4 Obtain consent prior to collection or processing of personal data Regulatory Compliance SOC_2 P4.1 SOC_2_P4.1 SOC 2 Type 2 P4.1 Personal information use SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance SOC_2 P4.1 SOC_2_P4.1 SOC 2 Type 2 P4.1 Personal information use SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance SOC_2 P4.1 SOC_2_P4.1 SOC 2 Type 2 P4.1 Personal information use SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance SOC_2 P4.1 SOC_2_P4.1 SOC 2 Type 2 P4.1 Personal information use SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance SOC_2 P4.2 SOC_2_P4.2 SOC 2 Type 2 P4.2 Personal information retention SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
18e7906d-4197-20fa-2f14-aaac21864e71 Document process to ensure integrity of PII Regulatory Compliance SOC_2 P4.2 SOC_2_P4.2 SOC 2 Type 2 P4.2 Personal information retention SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Verify personal data is deleted at the end of processing Regulatory Compliance SOC_2 P4.3 SOC_2_P4.3 SOC 2 Type 2 P4.3 Personal information disposal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b5a4be05-3997-1731-3260-98be653610f6 Perform disposition review Regulatory Compliance SOC_2 P4.3 SOC_2_P4.3 SOC 2 Type 2 P4.3 Personal information disposal SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ad1d562b-a04b-15d3-6770-ed310b601cb5 Publish rules and regulations accessing Privacy Act records Regulatory Compliance SOC_2 P5.1 SOC_2_P5.1 SOC 2 Type 2 P5.1 Personal information access SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e Implement methods for consumer requests Regulatory Compliance SOC_2 P5.1 SOC_2_P5.1 SOC 2 Type 2 P5.1 Personal information access SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
27ab3ac0-910d-724d-0afa-1a2a01e996c0 Respond to rectification requests Regulatory Compliance SOC_2 P5.2 SOC_2_P5.2 SOC 2 Type 2 P5.2 Personal information correction SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8b1da407-5e60-5037-612e-2caa1b590719 Record disclosures of PII to third parties Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f8d141b7-4e21-62a6-6608-c79336e36bc9 Establish privacy requirements for contractors and service providers Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance SOC_2 P6.1 SOC_2_P6.1 SOC 2 Type 2 P6.1 Personal information third party disclosure SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 Keep accurate accounting of disclosures of information Regulatory Compliance SOC_2 P6.2 SOC_2_P6.2 SOC 2 Type 2 P6.2 Authorized disclosure of personal information record SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 Keep accurate accounting of disclosures of information Regulatory Compliance SOC_2 P6.3 SOC_2_P6.3 SOC 2 Type 2 P6.3 Unauthorized disclosure of personal information record SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
52375c01-4d4c-7acc-3aa4-5b3d53a047ec Define the duties of processors Regulatory Compliance SOC_2 P6.4 SOC_2_P6.4 SOC 2 Type 2 P6.4 Third party agreements SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance SOC_2 P6.5 SOC_2_P6.5 SOC 2 Type 2 P6.5 Third party unauthorized disclosure notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection Regulatory Compliance SOC_2 P6.6 SOC_2_P6.6 SOC 2 Type 2 P6.6 Privacy incident notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SOC_2 P6.6 SOC_2_P6.6 SOC 2 Type 2 P6.6 Privacy incident notification SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance SOC_2 P6.7 SOC_2_P6.7 SOC 2 Type 2 P6.7 Accounting of disclosure of personal information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance SOC_2 P6.7 SOC_2_P6.7 SOC 2 Type 2 P6.7 Accounting of disclosure of personal information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance SOC_2 P6.7 SOC_2_P6.7 SOC 2 Type 2 P6.7 Accounting of disclosure of personal information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
d4f70530-19a2-2a85-6e0c-0c3c465e3325 Make accounting of disclosures available upon request Regulatory Compliance SOC_2 P6.7 SOC_2_P6.7 SOC 2 Type 2 P6.7 Accounting of disclosure of personal information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 Keep accurate accounting of disclosures of information Regulatory Compliance SOC_2 P6.7 SOC_2_P6.7 SOC 2 Type 2 P6.7 Accounting of disclosure of personal information SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0461cacd-0b3b-4f66-11c5-81c9b19a3d22 Verify inaccurate or outdated PII Regulatory Compliance SOC_2 P7.1 SOC_2_P7.1 SOC 2 Type 2 P7.1 Personal information quality SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8bb40df9-23e4-4175-5db3-8dba86349b73 Confirm quality and integrity of PII Regulatory Compliance SOC_2 P7.1 SOC_2_P7.1 SOC 2 Type 2 P7.1 Personal information quality SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 Issue guidelines for ensuring data quality and integrity Regulatory Compliance SOC_2 P7.1 SOC_2_P7.1 SOC 2 Type 2 P7.1 Personal information quality SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
6ab47bbf-867e-9113-7998-89b58f77326a Respond to complaints, concerns, or questions timely Regulatory Compliance SOC_2 P8.1 SOC_2_P8.1 SOC 2 Type 2 P8.1 Privacy complaint management and compliance management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8019d788-713d-90a1-5570-dac5052f517d Train staff on PII sharing and its consequences Regulatory Compliance SOC_2 P8.1 SOC_2_P8.1 SOC 2 Type 2 P8.1 Privacy complaint management and compliance management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
eab4450d-9e5c-4f38-0656-2ff8c78c83f3 Document and implement privacy complaint procedures Regulatory Compliance SOC_2 P8.1 SOC_2_P8.1 SOC 2 Type 2 P8.1 Privacy complaint management and compliance management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
34738025-5925-51f9-1081-f2d0060133ed Information security and personal data protection Regulatory Compliance SOC_2 P8.1 SOC_2_P8.1 SOC 2 Type 2 P8.1 Privacy complaint management and compliance management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
b6b32f80-a133-7600-301e-398d688e7e0c Evaluate and review PII holdings regularly Regulatory Compliance SOC_2 P8.1 SOC_2_P8.1 SOC 2 Type 2 P8.1 Privacy complaint management and compliance management SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
098a7b84-1031-66d8-4e78-bd15b5fd2efb Provide privacy notice Regulatory Compliance SOC_2 PI1.1 SOC_2_PI1.1 SOC 2 Type 2 PI1.1 Data processing definitions SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
5020f3f4-a579-2f28-72a8-283c5a0b15f9 Restrict communications Regulatory Compliance SOC_2 PI1.1 SOC_2_PI1.1 SOC 2 Type 2 PI1.1 Data processing definitions SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
06f84330-4c27-21f7-72cd-7488afd50244 Implement privacy notice delivery methods Regulatory Compliance SOC_2 PI1.1 SOC_2_PI1.1 SOC 2 Type 2 PI1.1 Data processing definitions SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance SOC_2 PI1.2 SOC_2_PI1.2 SOC 2 Type 2 PI1.2 System inputs over completeness and accuracy SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 PI1.3 SOC_2_PI1.3 SOC 2 Type 2 PI1.3 System processing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Generate error messages Regulatory Compliance SOC_2 PI1.3 SOC_2_PI1.3 SOC 2 Type 2 PI1.3 System processing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 PI1.3 SOC_2_PI1.3 SOC 2 Type 2 PI1.3 System processing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 PI1.3 SOC_2_PI1.3 SOC 2 Type 2 PI1.3 System processing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
8b1f29eb-1b22-4217-5337-9207cb55231e Perform information input validation Regulatory Compliance SOC_2 PI1.3 SOC_2_PI1.3 SOC 2 Type 2 PI1.3 System processing SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 PI1.4 SOC_2_PI1.4 SOC 2 Type 2 PI1.4 System output is complete, accurate, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 PI1.4 SOC_2_PI1.4 SOC 2 Type 2 PI1.4 System output is complete, accurate, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 PI1.4 SOC_2_PI1.4 SOC 2 Type 2 PI1.4 System output is complete, accurate, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL SOC_2 PI1.5 SOC_2_PI1.5 SOC 2 Type 2 PI1.5 Store inputs and outputs completely, accurately, and timely SOC 2 Type 2 (4054785f-702b-4a98-9215-009cbd58b141)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL SWIFT_CSCF_v2021 1.1 SWIFT_CSCF_v2021_1.1 SWIFT CSCF v2021 1.1 SWIFT Environment Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL SWIFT_CSCF_v2021 1.2 SWIFT_CSCF_v2021_1.2 SWIFT CSCF v2021 1.2 Operating System Privileged Account Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_v2021 1.3 SWIFT_CSCF_v2021_1.3 SWIFT CSCF v2021 1.3 Virtualisation Platform Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center SWIFT_CSCF_v2021 1.4 SWIFT_CSCF_v2021_1.4 SWIFT CSCF v2021 1.4 Restriction of Internet Access [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service SWIFT_CSCF_v2021 2.1 SWIFT_CSCF_v2021_2.1 SWIFT CSCF v2021 2.1 Internal Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4221adbc-5c0f-474f-88b7-037a99e6114c Audit Windows VMs with a pending reboot Guest Configuration SWIFT_CSCF_v2021 2.2 SWIFT_CSCF_v2021_2.2 SWIFT CSCF v2021 2.2 Security Updates [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center SWIFT_CSCF_v2021 2.2 SWIFT_CSCF_v2021_2.2 SWIFT CSCF v2021 2.2 Security Updates [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center SWIFT_CSCF_v2021 2.2 SWIFT_CSCF_v2021_2.2 SWIFT CSCF v2021 2.2 Security Updates [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder SWIFT_CSCF_v2021 2.3 SWIFT_CSCF_v2021_2.3 SWIFT CSCF v2021 2.3 System Hardening [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SWIFT_CSCF_v2021 2.3 SWIFT_CSCF_v2021_2.3 SWIFT CSCF v2021 2.3 System Hardening [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SWIFT_CSCF_v2021 2.3 SWIFT_CSCF_v2021_2.3 SWIFT CSCF v2021 2.3 System Hardening [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
1417908b-4bff-46ee-a2a6-4acc899320ab Audit Windows machines that contain certificates expiring within the specified number of days Guest Configuration SWIFT_CSCF_v2021 2.3 SWIFT_CSCF_v2021_2.3 SWIFT CSCF v2021 2.3 System Hardening [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration SWIFT_CSCF_v2021 2.3 SWIFT_CSCF_v2021_2.3 SWIFT CSCF v2021 2.3 System Hardening [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SWIFT_CSCF_v2021 2.4A SWIFT_CSCF_v2021_2.4A SWIFT CSCF v2021 2.4A Back-office Data Flow Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SWIFT_CSCF_v2021 2.5A SWIFT_CSCF_v2021_2.5A SWIFT CSCF v2021 2.5A External Transmission Data Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service SWIFT_CSCF_v2021 2.6 SWIFT_CSCF_v2021_2.6 SWIFT CSCF v2021 2.6 Operator Session Confidentiality and Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center SWIFT_CSCF_v2021 2.7 SWIFT_CSCF_v2021_2.7 SWIFT CSCF v2021 2.7 Vulnerability Scanning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_v2021 3.1 SWIFT_CSCF_v2021_3.1 SWIFT CSCF v2021 3.1 Physical Security [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SWIFT_CSCF_v2021 4.1 SWIFT_CSCF_v2021_4.1 SWIFT CSCF v2021 4.1 Password Policy [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center SWIFT_CSCF_v2021 4.2 SWIFT_CSCF_v2021_4.2 SWIFT CSCF v2021 4.2 Multi-factor Authentication [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center SWIFT_CSCF_v2021 4.2 SWIFT_CSCF_v2021_4.2 SWIFT CSCF v2021 4.2 Multi-factor Authentication [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center SWIFT_CSCF_v2021 4.2 SWIFT_CSCF_v2021_4.2 SWIFT CSCF v2021 4.2 Multi-factor Authentication [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2021 5.1 SWIFT_CSCF_v2021_5.1 SWIFT CSCF v2021 5.1 Logical Access Control [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SWIFT_CSCF_v2021 5.2 SWIFT_CSCF_v2021_5.2 SWIFT CSCF v2021 5.2 Token Management [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SWIFT_CSCF_v2021 5.2 SWIFT_CSCF_v2021_5.2 SWIFT CSCF v2021 5.2 Token Management [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service SWIFT_CSCF_v2021 5.2 SWIFT_CSCF_v2021_5.2 SWIFT CSCF v2021 5.2 Token Management [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service SWIFT_CSCF_v2021 5.4 SWIFT_CSCF_v2021_5.4 SWIFT CSCF v2021 5.4 Physical and Logical Password Storage [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration SWIFT_CSCF_v2021 5.4 SWIFT_CSCF_v2021_5.4 SWIFT CSCF v2021 5.4 Physical and Logical Password Storage [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service SWIFT_CSCF_v2021 5.4 SWIFT_CSCF_v2021_5.4 SWIFT CSCF v2021 5.4 Physical and Logical Password Storage [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault SWIFT_CSCF_v2021 5.4 SWIFT_CSCF_v2021_5.4 SWIFT CSCF v2021 5.4 Physical and Logical Password Storage [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute SWIFT_CSCF_v2021 6.1 SWIFT_CSCF_v2021_6.1 SWIFT CSCF v2021 6.1 Malware Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center SWIFT_CSCF_v2021 6.1 SWIFT_CSCF_v2021_6.1 SWIFT CSCF v2021 6.1 Malware Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center SWIFT_CSCF_v2021 6.1 SWIFT_CSCF_v2021_6.1 SWIFT CSCF v2021 6.1 Malware Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute SWIFT_CSCF_v2021 6.1 SWIFT_CSCF_v2021_6.1 SWIFT CSCF v2021 6.1 Malware Protection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 6.2 SWIFT_CSCF_v2021_6.2 SWIFT CSCF v2021 6.2 Software Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes SWIFT_CSCF_v2021 6.2 SWIFT_CSCF_v2021_6.2 SWIFT CSCF v2021 6.2 Software Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 6.2 SWIFT_CSCF_v2021_6.2 SWIFT CSCF v2021 6.2 Software Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL SWIFT_CSCF_v2021 6.3 SWIFT_CSCF_v2021_6.3 SWIFT CSCF v2021 6.3 Database Integrity [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SWIFT_CSCF_v2021 6.4 SWIFT_CSCF_v2021_6.4 SWIFT CSCF v2021 6.4 Logging and Monitoring [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SWIFT_CSCF_v2021 6.5A SWIFT_CSCF_v2021_6.5A SWIFT CSCF v2021 6.5A Intrusion Detection [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SWIFT_CSCF_v2021 7.1 SWIFT_CSCF_v2021_7.1 SWIFT CSCF v2021 7.1 Cyber Incident Response Planning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SWIFT_CSCF_v2021 7.1 SWIFT_CSCF_v2021_7.1 SWIFT CSCF v2021 7.1 Cyber Incident Response Planning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center SWIFT_CSCF_v2021 7.1 SWIFT_CSCF_v2021_7.1 SWIFT CSCF v2021 7.1 Cyber Incident Response Planning [Preview]: SWIFT CSP-CSCF v2021 (abf84fac-f817-a70c-14b5-47eec767458a)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Check for privacy and security compliance before establishing internal connections Regulatory Compliance SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3eabed6d-1912-2d3c-858b-f438d08d0412 Ensure external providers consistently meet interests of the customers Regulatory Compliance SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Security Center SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SWIFT_CSCF_v2022 1.1 SWIFT_CSCF_v2022_1.1 SWIFT CSCF v2022 1.1 Ensure the protection of the user's local SWIFT infrastructure from potentially compromised elements of the general IT environment and external environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
39eb03c1-97cc-11ab-0960-6209ed2869f7 Establish a privacy program Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f7eb1d0b-6d4f-2d59-1591-7563e11a9313 Define and enforce conditions for shared and group accounts Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
af227964-5b8b-22a2-9364-06d2cb9d6d7c Develop information security policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2ea1058-8998-3dd1-84f1-82132ad482fd Develop and establish a system security plan Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
df2e9507-169b-4114-3a52-877561ee3198 Implement security engineering principles of information systems Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
afbecd30-37ee-a27b-8e09-6ac49951a0ee Establish security requirements for the manufacturing of connected devices Regulatory Compliance SWIFT_CSCF_v2022 1.2 SWIFT_CSCF_v2022_1.2 SWIFT CSCF v2022 1.2 Restrict and control the allocation and usage of administrator-level operating system accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_v2022 1.3 SWIFT_CSCF_v2022_1.3 SWIFT CSCF v2022 1.3 Secure the virtualisation platform and virtual machines (VMs) that host SWIFT-related components to the same level as physical systems. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 1.3 SWIFT_CSCF_v2022_1.3 SWIFT CSCF v2022 1.3 Secure the virtualisation platform and virtual machines (VMs) that host SWIFT-related components to the same level as physical systems. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance SWIFT_CSCF_v2022 1.4 SWIFT_CSCF_v2022_1.4 SWIFT CSCF v2022 1.4 Control/Protect Internet access from operator PCs and systems within the secure zone. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b262e1dd-08e9-41d4-963a-258909ad794b Implement managed interface for each external service Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
80029bc5-834f-3a9c-a2d8-acbc1aab4e9f Employ restrictions on external system interconnections Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center SWIFT_CSCF_v2022 1.5A SWIFT_CSCF_v2022_1.5A SWIFT CSCF v2022 1.5A Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SWIFT_CSCF_v2022 10.1 SWIFT_CSCF_v2022_10.1 SWIFT CSCF v2022 10.1 Business continuity is ensured through a documented plan communicated to the potentially affected parties (service bureau and customers). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance SWIFT_CSCF_v2022 10.1 SWIFT_CSCF_v2022_10.1 SWIFT CSCF v2022 10.1 Business continuity is ensured through a documented plan communicated to the potentially affected parties (service bureau and customers). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance SWIFT_CSCF_v2022 10.1 SWIFT_CSCF_v2022_10.1 SWIFT CSCF v2022 10.1 Business continuity is ensured through a documented plan communicated to the potentially affected parties (service bureau and customers). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance SWIFT_CSCF_v2022 10.1 SWIFT_CSCF_v2022_10.1 SWIFT CSCF v2022 10.1 Business continuity is ensured through a documented plan communicated to the potentially affected parties (service bureau and customers). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance SWIFT_CSCF_v2022 10.1 SWIFT_CSCF_v2022_10.1 SWIFT CSCF v2022 10.1 Business continuity is ensured through a documented plan communicated to the potentially affected parties (service bureau and customers). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance SWIFT_CSCF_v2022 11.1 SWIFT_CSCF_v2022_11.1 SWIFT CSCF v2022 11.1 Ensure a consistent and effective approach for the event monitoring and escalation. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance SWIFT_CSCF_v2022 11.1 SWIFT_CSCF_v2022_11.1 SWIFT CSCF v2022 11.1 Ensure a consistent and effective approach for the event monitoring and escalation. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance SWIFT_CSCF_v2022 11.1 SWIFT_CSCF_v2022_11.1 SWIFT CSCF v2022 11.1 Ensure a consistent and effective approach for the event monitoring and escalation. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 11.1 SWIFT_CSCF_v2022_11.1 SWIFT CSCF v2022 11.1 Ensure a consistent and effective approach for the event monitoring and escalation. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance SWIFT_CSCF_v2022 11.1 SWIFT_CSCF_v2022_11.1 SWIFT CSCF v2022 11.1 Ensure a consistent and effective approach for the event monitoring and escalation. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
37546841-8ea1-5be0-214d-8ac599588332 Maintain incident response plan Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2401b496-7f23-79b2-9f80-89bb5abf3d4a Protect incident response plan Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
37b0045b-3887-367b-8b4d-b9a6fa911bb9 Assess information security events Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
423f6d9c-0c73-9cc6-64f4-b52242490368 Develop security safeguards Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0fd1ca29-677b-2f12-1879-639716459160 Maintain data breach records Regulatory Compliance SWIFT_CSCF_v2022 11.2 SWIFT_CSCF_v2022_11.2 SWIFT CSCF v2022 11.2 Ensure a consistent and effective approach for the management of incidents (Problem Management). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
92b49e92-570f-1765-804a-378e6c592e28 Automate process to highlight unreviewed change proposals Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Automate process to document implemented changes Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 Ensure an adequate escalation of operational malfunctions in case of customer impact. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
037c0089-6606-2dab-49ad-437005b5035f Identify incident response personnel Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
433de59e-7a53-a766-02c2-f80f8421469a Implement incident handling Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ba78efc6-795c-64f4-7a02-91effbd34af9 Execute actions in response to information spills Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
98145a9b-428a-7e81-9d14-ebb154a24f93 View and investigate restricted users Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8c255136-994b-9616-79f5-ae87810e0dcf Enable network protection Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b470a37a-7a47-3792-34dd-7a793140702e Establish relationship between incident response capability and external providers Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
54a9c072-4a93-2a03-6a43-a060d30383d7 Eradicate contaminated information Regulatory Compliance SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 Effective support is offered to customers in case they face problems during their business hours. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance SWIFT_CSCF_v2022 12.1 SWIFT_CSCF_v2022_12.1 SWIFT CSCF v2022 12.1 Ensure quality of service to customers through SWIFT certified employees. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance SWIFT_CSCF_v2022 12.1 SWIFT_CSCF_v2022_12.1 SWIFT CSCF v2022 12.1 Ensure quality of service to customers through SWIFT certified employees. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance SWIFT_CSCF_v2022 12.1 SWIFT_CSCF_v2022_12.1 SWIFT CSCF v2022 12.1 Ensure quality of service to customers through SWIFT certified employees. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
13ef3484-3a51-785a-9c96-500f21f84edd Information flow control using security policy filters Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c7d57a6a-7cc2-66c0-299f-83bf90558f5d Enforce random unique session identifiers Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
de077e7e-0cc8-65a6-6e08-9ab46c827b05 Produce, control and distribute asymmetric cryptographic keys Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Isolate SecurID systems, Security Incident Management systems Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ff1efad2-6b09-54cc-01bf-d386c4d558a8 Secure the interface to external systems Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
311802f9-098d-0659-245a-94c5d47c0182 Employ boundary protection to isolate information systems Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
16c54e01-9e65-7524-7c33-beda48a75779 Produce, control and distribute symmetric cryptographic keys Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance SWIFT_CSCF_v2022 2.1 SWIFT_CSCF_v2022_2.1 SWIFT CSCF v2022 2.1 Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance SWIFT_CSCF_v2022 2.11A SWIFT_CSCF_v2022_2.11A SWIFT CSCF v2022 2.11A Restrict transaction activity to validated and approved business counterparties. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Disseminate security alerts to personnel Regulatory Compliance SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4221adbc-5c0f-474f-88b7-037a99e6114c Audit Windows VMs with a pending reboot Guest Configuration SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5e4e9685-3818-5934-0071-2620c4fa2ca5 Retain previous versions of baseline configs Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5c40f27b-6791-18c5-3f85-7b863bd99c11 Automate proposed documented changes Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1282809c-9001-176b-4a81-260a085f4872 Perform audit for configuration change control Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1417908b-4bff-46ee-a2a6-4acc899320ab Audit Windows machines that contain certificates expiring within the specified number of days Guest Configuration SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d18af1ac-0086-4762-6dc8-87cdded90e39 Perform a privacy impact assessment Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8747b573-8294-86a0-8914-49e9b06a5ace Establish configuration management requirements for developers Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
055da733-55c6-9e10-8194-c40731057ec4 Develop and maintain a vulnerability management standard Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
203101f5-99a3-1491-1b56-acccd9b66a9e Conduct a security impact analysis Regulatory Compliance SWIFT_CSCF_v2022 2.3 SWIFT_CSCF_v2022_2.3 SWIFT CSCF v2022 2.3 Reduce the cyber-attack surface of SWIFT-related components by performing system hardening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fe2dff43-0a8c-95df-0432-cb1c794b17d0 Notify users of system logon or access Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance SWIFT_CSCF_v2022 2.4 SWIFT_CSCF_v2022_2.4 SWIFT CSCF v2022 2.4 Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hops they connect to. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration SWIFT_CSCF_v2022 2.4A SWIFT_CSCF_v2022_2.4A SWIFT CSCF v2022 2.4A Back-office Data Flow Security SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SWIFT_CSCF_v2022 2.4A SWIFT_CSCF_v2022_2.4A SWIFT CSCF v2022 2.4A Back-office Data Flow Security SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SWIFT_CSCF_v2022 2.4A SWIFT_CSCF_v2022_2.4A SWIFT CSCF v2022 2.4A Back-office Data Flow Security SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4f23967c-a74b-9a09-9dc2-f566f61a87b9 Establish backup policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4ac81669-00e2-9790-8648-71bc11bc91eb Manage the transportation of assets Regulatory Compliance SWIFT_CSCF_v2022 2.5 SWIFT_CSCF_v2022_2.5 SWIFT CSCF v2022 2.5 Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SWIFT_CSCF_v2022 2.5A SWIFT_CSCF_v2022_2.5A SWIFT CSCF v2022 2.5A External Transmission Data Protection SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute SWIFT_CSCF_v2022 2.5A SWIFT_CSCF_v2022_2.5A SWIFT CSCF v2022 2.5A External Transmission Data Protection SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation SWIFT_CSCF_v2022 2.5A SWIFT_CSCF_v2022_2.5A SWIFT CSCF v2022 2.5A External Transmission Data Protection SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bf045164-79ba-4215-8f95-f8048dc1780b Geo-redundant storage should be enabled for Storage Accounts Storage SWIFT_CSCF_v2022 2.5A SWIFT_CSCF_v2022_2.5A SWIFT CSCF v2022 2.5A External Transmission Data Protection SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_v2022 2.5A SWIFT_CSCF_v2022_2.5A SWIFT CSCF v2022 2.5A External Transmission Data Protection SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage SWIFT_CSCF_v2022 2.5A SWIFT_CSCF_v2022_2.5A SWIFT CSCF v2022 2.5A External Transmission Data Protection SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d472d2c9-d6a3-4500-9f5f-b15f123005aa Windows machines should meet requirements for 'Security Options - Interactive Logon' Guest Configuration SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d6653f89-7cb5-24a4-9d71-51581038231b Reauthenticate or terminate a user session Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
04b3e7f6-4841-888d-4799-cda19a0084f6 Document and implement wireless access guidelines Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d42a8f69-a193-6cbc-48b9-04a9e29961f1 Protect wireless access Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 2.6 SWIFT_CSCF_v2022_2.6 SWIFT CSCF v2022 2.6 Protect the confidentiality and integrity of interactive operator sessions that connect to the local or remote (operated by a service provider) SWIFT infrastructure or service provider SWIFT-related applications SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
34aac8b2-488a-2b96-7280-5b9b481a317a Incorporate flaw remediation into configuration management Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Security Center SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SWIFT_CSCF_v2022 2.7 SWIFT_CSCF_v2022_2.7 SWIFT CSCF v2022 2.7 Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
cbfa1bd0-714d-8d6f-0480-2ad6a53972df Define and document government oversight Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4e45863d-9ea9-32b4-a204-2680bc6007a6 Require external service providers to comply with security requirements Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Undergo independent security review Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ffea18d9-13de-6505-37f3-4c1f88070ad7 Review cloud service provider's compliance with policies and agreements Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9150259b-617b-596d-3bf5-5ca3fce20335 Establish policies for supply chain risk management Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b2f3a72-9e68-3993-2b69-13dcdecf8958 Define requirements for supplying goods and services Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SWIFT_CSCF_v2022 2.8.5 SWIFT_CSCF_v2022_2.8.5 SWIFT CSCF v2022 2.8.5 Ensure a consistent and effective approach for the customers’ messaging monitoring. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
13efd2d7-3980-a2a4-39d0-527180c009e8 Document security assurance requirements in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Document requirements for the use of shared data in contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
57927290-8000-59bf-3776-90c468ac5b4b Document security functional requirements in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
67ada943-8539-083d-35d0-7af648974125 Determine supplier contract obligations Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d78f95ba-870a-a500-6104-8a5ce2534f19 Document protection of security information in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a465e8e9-0095-85cb-a05f-1dd4960d02af Document security documentation requirements in acquisition contract Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
77acc53d-0f67-6e06-7d04-5750653d4629 Document the protection of cardholder data in third party contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0803eaa7-671c-08a7-52fd-ac419f775e75 Document acquisition contract acceptance criteria Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f9ec3263-9562-1768-65a1-729793635a8d Document protection of personal data in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 2.8A SWIFT_CSCF_v2022_2.8A SWIFT CSCF v2022 2.8A Ensure the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 2.9 SWIFT_CSCF_v2022_2.9 SWIFT CSCF v2022 2.9 Ensure outbound transaction activity within the expected bounds of normal business. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa0ddd99-43eb-302d-3f8f-42b499182960 Install an alarm system Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
27965e62-141f-8cca-426f-d09514ee5216 Establish and maintain an asset inventory Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f2222056-062d-1060-6dc2-0107a68c34b2 Manage a secure surveillance camera system Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 3.1 SWIFT_CSCF_v2022_3.1 SWIFT CSCF v2022 3.1 Prevent unauthorised physical access to sensitive equipment, workplace environments, hosting sites, and storage. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
29363ae1-68cd-01ca-799d-92c9197c8404 Manage authenticator lifetime and reuse Regulatory Compliance SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance SWIFT_CSCF_v2022 4.1 SWIFT_CSCF_v2022_4.1 SWIFT CSCF v2022 4.1 Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance SWIFT_CSCF_v2022 4.2 SWIFT_CSCF_v2022_4.2 SWIFT CSCF v2022 4.2 Prevent that a compromise of a single authentication factor allows access into SWIFT-related systems or applications by implementing multi-factor authentication. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center SWIFT_CSCF_v2022 4.2 SWIFT_CSCF_v2022_4.2 SWIFT CSCF v2022 4.2 Prevent that a compromise of a single authentication factor allows access into SWIFT-related systems or applications by implementing multi-factor authentication. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center SWIFT_CSCF_v2022 4.2 SWIFT_CSCF_v2022_4.2 SWIFT CSCF v2022 4.2 Prevent that a compromise of a single authentication factor allows access into SWIFT-related systems or applications by implementing multi-factor authentication. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center SWIFT_CSCF_v2022 4.2 SWIFT_CSCF_v2022_4.2 SWIFT CSCF v2022 4.2 Prevent that a compromise of a single authentication factor allows access into SWIFT-related systems or applications by implementing multi-factor authentication. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance SWIFT_CSCF_v2022 4.2 SWIFT_CSCF_v2022_4.2 SWIFT CSCF v2022 4.2 Prevent that a compromise of a single authentication factor allows access into SWIFT-related systems or applications by implementing multi-factor authentication. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1417908b-4bff-46ee-a2a6-4acc899320ab Audit Windows machines that contain certificates expiring within the specified number of days Guest Configuration SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
623b5f0a-8cbd-03a6-4892-201d27302f0c Define information system account types Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4c6df5ff-4ef2-4f17-a516-0da9189c603b Assign account managers Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a08b18c7-9e0a-89f1-3696-d80902196719 Document access privileges Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
97cfd944-6f0c-7db2-3796-8e890ef70819 Establish conditions for role membership Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Monitor account activity Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
341bc9f1-7489-07d9-4ec6-971573e1546a Define access authorizations to support separation of duties Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e6f7b584-877a-0d69-77d4-ab8b923a9650 Document separation of duties Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
60ee1260-97f0-61bb-8155-5d8b75743655 Separate duties of individuals Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance SWIFT_CSCF_v2022 5.1 SWIFT_CSCF_v2022_5.1 SWIFT CSCF v2022 5.1 Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
098dcde7-016a-06c3-0985-0daaf3301d3a Distribute authenticators Regulatory Compliance SWIFT_CSCF_v2022 5.2 SWIFT_CSCF_v2022_5.2 SWIFT CSCF v2022 5.2 Ensure the proper management, tracking, and use of connected and disconnected hardware authentication or personal tokens (when tokens are used). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center SWIFT_CSCF_v2022 5.2 SWIFT_CSCF_v2022_5.2 SWIFT CSCF v2022 5.2 Ensure the proper management, tracking, and use of connected and disconnected hardware authentication or personal tokens (when tokens are used). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Establish authenticator types and processes Regulatory Compliance SWIFT_CSCF_v2022 5.2 SWIFT_CSCF_v2022_5.2 SWIFT CSCF v2022 5.2 Ensure the proper management, tracking, and use of connected and disconnected hardware authentication or personal tokens (when tokens are used). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
72889284-15d2-90b2-4b39-a1e9541e1152 Verify identity before distributing authenticators Regulatory Compliance SWIFT_CSCF_v2022 5.2 SWIFT_CSCF_v2022_5.2 SWIFT CSCF v2022 5.2 Ensure the proper management, tracking, and use of connected and disconnected hardware authentication or personal tokens (when tokens are used). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
35963d41-4263-0ef9-98d5-70eb058f9e3c Establish procedures for initial authenticator distribution Regulatory Compliance SWIFT_CSCF_v2022 5.2 SWIFT_CSCF_v2022_5.2 SWIFT CSCF v2022 5.2 Ensure the proper management, tracking, and use of connected and disconnected hardware authentication or personal tokens (when tokens are used). SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e0c480bf-0d68-a42d-4cbb-b60f851f8716 Implement personnel screening Regulatory Compliance SWIFT_CSCF_v2022 5.3A SWIFT_CSCF_v2022_5.3A SWIFT CSCF v2022 5.3A To the extent permitted and practicable, ensure the trustworthiness of staff operating the local SWIFT environment by performing regular staff screening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c42f19c9-5d88-92da-0742-371a0ea03126 Clear personnel with access to classified information Regulatory Compliance SWIFT_CSCF_v2022 5.3A SWIFT_CSCF_v2022_5.3A SWIFT CSCF v2022 5.3A To the extent permitted and practicable, ensure the trustworthiness of staff operating the local SWIFT environment by performing regular staff screening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e7589f4e-1e8b-72c2-3692-1e14d7f3699f Ensure access agreements are signed or resigned timely Regulatory Compliance SWIFT_CSCF_v2022 5.3A SWIFT_CSCF_v2022_5.3A SWIFT CSCF v2022 5.3A To the extent permitted and practicable, ensure the trustworthiness of staff operating the local SWIFT environment by performing regular staff screening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c6aeb800-0b19-944d-92dc-59b893722329 Rescreen individuals at a defined frequency Regulatory Compliance SWIFT_CSCF_v2022 5.3A SWIFT_CSCF_v2022_5.3A SWIFT CSCF v2022 5.3A To the extent permitted and practicable, ensure the trustworthiness of staff operating the local SWIFT environment by performing regular staff screening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance SWIFT_CSCF_v2022 5.3A SWIFT_CSCF_v2022_5.3A SWIFT CSCF v2022 5.3A To the extent permitted and practicable, ensure the trustworthiness of staff operating the local SWIFT environment by performing regular staff screening. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d8bbd80e-3bb1-5983-06c2-428526ec6a63 Establish a password policy Regulatory Compliance SWIFT_CSCF_v2022 5.4 SWIFT_CSCF_v2022_5.4 SWIFT CSCF v2022 5.4 Protect physically and logically the repository of recorded passwords. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault SWIFT_CSCF_v2022 5.4 SWIFT_CSCF_v2022_5.4 SWIFT CSCF v2022 5.4 Protect physically and logically the repository of recorded passwords. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ebb0ba89-6d8c-84a7-252b-7393881e43de Document security strength requirements in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 5.4 SWIFT_CSCF_v2022_5.4 SWIFT CSCF v2022 5.4 Protect physically and logically the repository of recorded passwords. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3b30aa25-0f19-6c04-5ca4-bd3f880a763d Implement parameters for memorized secret verifiers Regulatory Compliance SWIFT_CSCF_v2022 5.4 SWIFT_CSCF_v2022_5.4 SWIFT CSCF v2022 5.4 Protect physically and logically the repository of recorded passwords. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 5.4 SWIFT_CSCF_v2022_5.4 SWIFT CSCF v2022 5.4 Protect physically and logically the repository of recorded passwords. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration SWIFT_CSCF_v2022 5.4 SWIFT_CSCF_v2022_5.4 SWIFT CSCF v2022 5.4 Protect physically and logically the repository of recorded passwords. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5b802722-71dd-a13d-2e7e-231e09589efb Implement privileged access for executing vulnerability scanning activities Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ff136354-1c92-76dc-2dab-80fb7c6a9f1a Observe and report security weaknesses Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bf883b14-9c19-0f37-8825-5e39a8b66d5b Perform threat modeling Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance SWIFT_CSCF_v2022 6.1 SWIFT_CSCF_v2022_6.1 SWIFT CSCF v2022 6.1 Ensure that local SWIFT infrastructure is protected against malware and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 Ensure the software integrity of the SWIFT-related components and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 Ensure the software integrity of the SWIFT-related components and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 Ensure the software integrity of the SWIFT-related components and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4 Employ automatic shutdown/restart when violations are detected Regulatory Compliance SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 Ensure the software integrity of the SWIFT-related components and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 Ensure the software integrity of the SWIFT-related components and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance SWIFT_CSCF_v2022 6.2 SWIFT_CSCF_v2022_6.2 SWIFT CSCF v2022 6.2 Ensure the software integrity of the SWIFT-related components and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0123edae-3567-a05a-9b05-b53ebe9d3e7e View and configure system diagnostic data Regulatory Compliance SWIFT_CSCF_v2022 6.3 SWIFT_CSCF_v2022_6.3 SWIFT CSCF v2022 6.3 Ensure the integrity of the database records for the SWIFT messaging interface or the customer connector and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance SWIFT_CSCF_v2022 6.3 SWIFT_CSCF_v2022_6.3 SWIFT CSCF v2022 6.3 Ensure the integrity of the database records for the SWIFT messaging interface or the customer connector and act upon results. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f080164-9f4d-497e-9db6-416dc9f7b48a Network Watcher flow logs should have traffic analytics enabled Network SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Review file and folder activity Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
10874318-0bf7-a41f-8463-03e395482080 Correlate audit records Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0f4fa857-079d-9d3d-5c49-21f616189e03 Provide real-time alerts for audit event failures Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
70fe686f-1f91-7dab-11bf-bca4201e183b Review role group changes weekly Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f48b60c6-4b37-332f-7288-b6ea50d300eb Review controlled folder access events Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8aec4343-9153-9641-172c-defb201f56b3 Review cloud identity report overview Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a30bd8e9-7064-312a-0e1f-e1b485d59f6e Review exploit protection events Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f27a298f-9443-014a-0d40-fef12adf0259 Review administrator assignments weekly Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Integrate cloud app security with a siem Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Integrate audit review, analysis, and reporting Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b3c8cc83-20d3-3890-8bc8-5568777670f4 Establish requirements for audit review and reporting Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 Record security events and detect anomalous actions and operations within the local SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A Detect and contain anomalous network activity into and within the local or remote SWIFT environment. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
23d1a569-2d1e-7f43-9e22-1f94115b7dd5 Identify classes of Incidents and Actions taken Regulatory Compliance SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1fdeb7c4-4c93-8271-a135-17ebe85f1cc7 Incorporate simulated events into incident response training Regulatory Compliance SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Provide information spillage training Regulatory Compliance SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Review and update incident response policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
56fb5173-3865-5a5d-5fad-ae33e53e1577 Address information security issues Regulatory Compliance SWIFT_CSCF_v2022 7.1 SWIFT_CSCF_v2022_7.1 SWIFT CSCF v2022 7.1 Ensure a consistent and effective approach for the management of cyber incidents. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d041726f-00e0-41ca-368c-b1a122066482 Provide role-based practical exercises Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
524e7136-9f6a-75ba-9089-501018151346 Document security and privacy training activities Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1cb7bf71-841c-4741-438a-67c65fdd7194 Provide security training for new users Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d136ae80-54dd-321c-98b4-17acf4af2169 Provide updated security awareness training Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
516be556-1353-080d-2c2f-f46f000d5785 Provide periodic security awareness training Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9b8b05ec-3d21-215e-5d98-0f7cf0998202 Provide security awareness training for insider threats Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
2b05dca2-25ec-9335-495c-29155f785082 Provide security training before providing access Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
4c385143-09fd-3a34-790c-a5fd9ec77ddc Provide role-based security training Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Provide periodic role-based security training Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f6794ab8-9a7d-3b24-76ab-265d3646232b Provide role-based training on suspicious activities Regulatory Compliance SWIFT_CSCF_v2022 7.2 SWIFT_CSCF_v2022_7.2 SWIFT CSCF v2022 7.2 Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f131c8c5-a54a-4888-1efc-158928924bc1 Require developers to build security architecture Regulatory Compliance SWIFT_CSCF_v2022 7.3A SWIFT_CSCF_v2022_7.3A SWIFT CSCF v2022 7.3A Validate the operational security configuration and identify security gaps by performing penetration testing. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
611ebc63-8600-50b6-a0e3-fef272457132 Employ independent team for penetration testing Regulatory Compliance SWIFT_CSCF_v2022 7.3A SWIFT_CSCF_v2022_7.3A SWIFT CSCF v2022 7.3A Validate the operational security configuration and identify security gaps by performing penetration testing. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Establish a risk management strategy Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Conduct risk assessment and document its results Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
20012034-96f0-85c2-4a86-1ae1eb457802 Review and update risk assessment policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
677e1da4-00c3-287a-563d-f4a1cf9b99a0 Conduct Risk Assessment Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d7c1ecc3-2980-a079-1569-91aec8ac4a77 Conduct risk assessment and distribute its results Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c6fe3856-4635-36b6-983c-070da12a953b Implement the risk management strategy Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Perform a risk assessment Regulatory Compliance SWIFT_CSCF_v2022 7.4A SWIFT_CSCF_v2022_7.4A SWIFT CSCF v2022 7.4A Evaluate the risk and readiness of the organisation based on plausible cyber-attack scenarios. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d9af7f88-686a-5a8b-704b-eafdab278977 Obtain legal opinion for monitoring system activities Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7ded6497-815d-6506-242b-e043e0273928 Plan for resumption of essential business functions Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
91a54089-2d69-0f56-62dc-b6371a1671c0 Resume all mission and business functions Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7fc1f0da-0050-19bb-3d75-81ae15940df6 Provide monitoring information as needed Regulatory Compliance SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 Ensure availability by formally setting and monitoring the objectives to be achieved SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
cc2f7339-2fac-1ea9-9ca3-cd530fbb0da2 Create alternative actions for identified anomalies Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f30edfad-4e1d-1eef-27ee-9292d6d89842 Perform security function verification at a defined frequency Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
18e9d748-73d4-0c96-55ab-b108bfbd5bc3 Notify personnel of any failed security verification tests Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
d9edcea6-6cb8-0266-a48c-2061fbac4310 Plan for continuance of essential business functions Regulatory Compliance SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 Ensure availability, capacity, and quality of services to customers SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3a868d0c-538f-968b-0191-bddb44da5b75 Require developers to document approved changes and potential impact Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
085467a6-9679-5c65-584a-f55acefd0d43 Require developers to implement only approved changes Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c148208b-1a6f-a4ac-7abc-23b1d41121b1 Document the information system environment in acquisition contracts Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b33d61c1-7463-7025-0ec0-a47585b59147 Require developers to manage change integrity Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
318b2bd9-9c39-9f8b-46a7-048401f33476 Address coding vulnerabilities Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
6de65dc4-8b4f-34b7-9290-eb137a2e2929 Develop and document application security requirements Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e750ca06-1824-464a-2cf3-d0fa754d1cb4 Establish a secure software development program Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f8a63511-66f1-503f-196d-d6217ee0823a Require developers to produce evidence of security assessment plan execution Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance SWIFT_CSCF_v2022 8.5 SWIFT_CSCF_v2022_8.5 SWIFT CSCF v2022 8.5 Ensure early availability of SWIFTNet releases and of the FIN standards for proper testing by the customer before going live. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
3545c827-26ee-282d-4629-23952a12008b Conduct incident response testing Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
de936662-13dc-204c-75ec-1af80f994088 Provide contingency training Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
75b42dcf-7840-1271-260b-852273d7906e Develop contingency planning policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c5784049-959f-6067-420c-f4cefae93076 Coordinate contingency plans with related plans Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
84245967-7882-54f6-2d34-85059f725b47 Establish an information security program Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Distribute policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 9.1 SWIFT_CSCF_v2022_9.1 SWIFT CSCF v2022 9.1 Providers must ensure that the service remains available for customers in the event of a local disturbance or malfunction. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
81b6267b-97a7-9aa5-51ee-d2584a160424 Create separate alternate and primary storage sites Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0f31d98d-5ce2-705b-4aa5-b4f6705110dd Prepare alternate processing site for use as operational site Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
5f2e834d-7e40-a4d5-a216-e49b16955ccf Establish requirements for internet service providers Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f33c3238-11d2-508c-877c-4262ec1132e1 Recover and reconstitute resources after any disruption Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
af5ff768-a34b-720e-1224-e6b3214f3ba6 Establish an alternate processing site Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
13939f8c-4cd5-a6db-9af4-9dfec35e3722 Identify and mitigate potential issues at alternate storage site Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
245fe58b-96f8-9f1e-48c5-7f49903f66fd Establish alternate storage site that facilitates recovery operations Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
178c8b7e-1b6e-4289-44dd-2f1526b678a1 Ensure alternate storage site safeguards are equivalent to primary site Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
b269a749-705e-8bff-055a-147744675cdf Conduct backup of information system documentation Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
f801d58e-5659-9a4a-6e8d-02c9334732e5 Restore resources to operational state Regulatory Compliance SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 Providers must ensure that the service remains available for customers in the event of a site disaster. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
c2eabc28-1e5c-78a2-a712-7cc176c44c07 Implement a penetration testing methodology Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
a8f9c283-9a66-3eb3-9e10-bdba95b85884 Run simulation attacks Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Review and update physical and environmental policies and procedures Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bd6cbcba-4a2d-507c-53e3-296b5c238a8e Develop and document a business continuity and disaster recovery plan Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa305b4d-8c84-1754-0c74-dec004e66be0 Develop contingency plan Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Implement physical security for offices, working areas, and secure areas Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
aa892c0d-2c40-200c-0dd8-eac8c4748ede Employ automatic emergency lighting Regulatory Compliance SWIFT_CSCF_v2022 9.3 SWIFT_CSCF_v2022_9.3 SWIFT CSCF v2022 9.3 Service bureaux must ensure that the service remains available for their customers in the event of a disturbance, a hazard, or an incident. SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
bab9ef1d-a16d-421a-822d-3fa94e808156 Route traffic through managed network access points Regulatory Compliance SWIFT_CSCF_v2022 9.4 SWIFT_CSCF_v2022_9.4 SWIFT CSCF v2022 9.4 Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
01ae60e2-38bb-0a32-7b20-d3a091423409 Implement system boundary protection Regulatory Compliance SWIFT_CSCF_v2022 9.4 SWIFT_CSCF_v2022_9.4 SWIFT CSCF v2022 9.4 Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
e4e1f896-8a93-1151-43c7-0ad23b081ee2 Authorize, monitor, and control voip Regulatory Compliance SWIFT_CSCF_v2022 9.4 SWIFT_CSCF_v2022_9.4 SWIFT CSCF v2022 9.4 Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
33602e78-35e3-4f06-17fb-13dd887448e4 Conduct capacity planning Regulatory Compliance SWIFT_CSCF_v2022 9.4 SWIFT_CSCF_v2022_9.4 SWIFT CSCF v2022 9.4 Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance SWIFT_CSCF_v2022 9.4 SWIFT_CSCF_v2022_9.4 SWIFT CSCF v2022 9.4 Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth SWIFT CSP-CSCF v2022 (7bc7cd6c-4114-ff31-3cac-59be3157596d)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL U.03 - Business Continuity services U.03 - Business Continuity services 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL U.03 - Business Continuity services U.03 - Business Continuity services 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL U.03 - Business Continuity services U.03 - Business Continuity services 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup U.03.1 - Redundancy U.03.1 - Redundancy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute U.03.1 - Redundancy U.03.1 - Redundancy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute U.03.2 - Continuity requirements U.03.2 - Continuity requirements 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup U.03.2 - Continuity requirements U.03.2 - Continuity requirements 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault U.04.1 - Restore function U.04.1 - Restore function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute U.04.1 - Restore function U.04.1 - Restore function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault U.04.1 - Restore function U.04.1 - Restore function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault U.04.2 - Restore function U.04.2 - Restore function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute U.04.2 - Restore function U.04.2 - Restore function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault U.04.2 - Restore function U.04.2 - Restore function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault U.04.3 - Tested U.04.3 - Tested 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute U.04.3 - Tested U.04.3 - Tested 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault U.04.3 - Tested U.04.3 - Tested 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
08a6b96f-576e-47a2-8511-119a212d344d Azure Edge Hardware Center devices should have double encryption support enabled Azure Edge Hardware Center U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1760f9d4-7206-436e-a28f-d9f3a5c8a227 Azure Batch pools should have disk encryption enabled Batch U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
679da822-78a7-4eff-8fff-a899454a9970 Azure Front Door Standard and Premium should be running minimum TLS version of 1.2 CDN U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight U.05.1 - Cryptographic measures U.05.1 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1760f9d4-7206-436e-a28f-d9f3a5c8a227 Azure Batch pools should have disk encryption enabled Batch U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
08a6b96f-576e-47a2-8511-119a212d344d Azure Edge Hardware Center devices should have double encryption support enabled Azure Edge Hardware Center U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
dfc212af-17ea-423a-9dcb-91e2cb2caa6b Azure Front Door profiles should use Premium tier that supports managed WAF rules and private link CDN U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
72d11df1-dd8a-41f7-8925-b05b960ebafc Azure Synapse workspaces should use private link Synapse U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8b0323be-cc25-4b61-935d-002c3798c6ea Azure Data Factory should use private link Data Factory U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a049bf77-880b-470f-ba6d-9f21c530cf83 Azure Cognitive Search service should use a SKU that supports private link Search U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Key Vault U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Storage U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0fda3595-9f2b-4592-8675-4231d6fa82fe [Deprecated]: Azure Cognitive Search services should use private link Search U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c06e275-d63d-4540-b761-71f364c2111d Azure Service Bus namespaces should use private link Service Bus U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1d320205-c6a1-4ac6-873d-46224024e8e2 Azure File Sync should use private link Storage U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1ee56206-5dd1-42ab-b02d-8aae8b1634ce Azure API for FHIR should use private link API for FHIR U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
eb907f70-7514-460d-92b3-a5ae93b4f917 Azure Web PubSub Service should use private link Web PubSub U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f39f5f49-4abf-44de-8c70-0756997bfb51 Disk access resources should use private link Compute U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ee980b6d-0eca-4501-8d54-f6290fd512c3 Azure Cognitive Search services should disable public network access Search U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e7849de-b939-4c50-ab48-fc6b0f5eeba2 Azure Databricks Workspaces should disable public network access Azure Databricks U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
51c1490f-3319-459c-bbbc-7f391bbed753 Azure Databricks Clusters should disable public IP Azure Databricks U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
258823f2-4595-4b52-b333-cc96192710d8 Azure Databricks Workspaces should use private link Azure Databricks U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9c25c9e4-ee12-4882-afd2-11fb9d87893f Azure Databricks Workspaces should be in a virtual network Azure Databricks U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
df39c015-56a4-45de-b4a3-efe77bed320d IoT Hub device provisioning service instances should use private link Internet of Things U.07.1 - Isolated U.07.1 - Isolated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fb74e86f-d351-4b8d-b034-93da7391c01f App Service Environment should have internal encryption enabled App Service U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL U.07.3 - Management features U.07.3 - Management features 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL U.09.3 - Detection, prevention and recovery U.09.3 - Detection, prevention and recovery 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning U.10.2 - Users U.10.2 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage U.10.3 - Users U.10.3 - Users 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center U.10.5 - Competent U.10.5 - Competent 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service U.11.1 - Policy U.11.1 - Policy 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
da0f98fe-a24b-4ad5-af69-bd0400233661 Audit Windows machines that do not store passwords using reversible encryption Guest Configuration U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
d9da03a1-f3c3-412a-9709-947156872263 Azure HDInsight clusters should use encryption in transit to encrypt communication between Azure HDInsight cluster nodes HDInsight U.11.2 - Cryptographic measures U.11.2 - Cryptographic measures 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
08a6b96f-576e-47a2-8511-119a212d344d Azure Edge Hardware Center devices should have double encryption support enabled Azure Edge Hardware Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1760f9d4-7206-436e-a28f-d9f3a5c8a227 Azure Batch pools should have disk encryption enabled Batch U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4ec52d6d-beb7-40c4-9a9e-fe753254690e Azure data factories should be encrypted with a customer-managed key Data Factory U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fa298e57-9444-42ba-bf04-86e8470e32c7 Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption Monitoring U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f7d52b2d-e161-4dfa-a82b-55e564167385 Azure Synapse workspaces should use customer-managed keys to encrypt data at rest Synapse U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
51522a96-0869-4791-82f3-981000c2c67f Bot Service should be encrypted with a customer-managed key Bot Service U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2e94d99a-8a36-4563-bc77-810d8893b671 [Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data Backup U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus Premium namespaces should use a customer-managed key for encryption Service Bus U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5 Logic Apps Integration Service Environment should be encrypted with customer-managed keys Logic Apps U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1f68a601-6e6d-4e42-babf-3f643a047ea2 Azure Monitor Logs clusters should be encrypted with customer-managed key Monitoring U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
64d314f6-6062-4780-a861-c23e8951bee5 Azure HDInsight clusters should use customer-managed keys to encrypt data at rest HDInsight U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Cognitive Services U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
702dd420-7fcc-42c5-afe8-4026edd20fe0 OS and data disks should be encrypted with a customer-managed key Compute U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6 Azure HDInsight clusters should use encryption at host to encrypt data at rest HDInsight U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest Storage U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub namespaces should use a customer-managed key for encryption Event Hub U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Azure Batch account should use customer-managed keys to encrypt data Batch U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
970f84d8-71b6-4091-9979-ace7e3fb6dbb HPC Cache accounts should use customer-managed key for encryption Storage U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
86efb160-8de7-451d-bc08-5d475b0aadae Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password Data Box U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys Kubernetes U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest API for FHIR U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ea0dfaed-95fb-448c-934e-d6e713ce393d Azure Monitor Logs clusters should be created with infrastructure-encryption enabled (double encryption) Monitoring U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
3a58212a-c829-4f13-9872-6371df2fd0b4 Infrastructure encryption should be enabled for Azure Database for MySQL servers SQL U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
41425d9f-d1a5-499a-9932-f8ed8453932c Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host Kubernetes U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Double encryption should be enabled on Azure Data Explorer Azure Data Explorer U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c349d81b-9985-44ae-a8da-ff98d108ede8 Azure Data Box jobs should enable double encryption for data at rest on the device Data Box U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage U.11.3 - Encrypted U.11.3 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage U.12.1 - Network connections U.12.1 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center U.12.1 - Network connections U.12.1 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network U.12.1 - Network connections U.12.1 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center U.12.1 - Network connections U.12.1 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network U.12.1 - Network connections U.12.1 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center U.12.1 - Network connections U.12.1 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center U.12.2 - Network connections U.12.2 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network U.12.2 - Network connections U.12.2 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network U.12.2 - Network connections U.12.2 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage U.12.2 - Network connections U.12.2 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center U.12.2 - Network connections U.12.2 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center U.12.2 - Network connections U.12.2 - Network connections 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
138ff14d-b687-4faa-a81c-898c91a87fa2 Resource logs in Azure Databricks Workspaces should be enabled Azure Databricks U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
cd906338-3453-47ba-9334-2d654bf845af Azure Front Door Standard or Premium (Plus WAF) should have resource logs enabled Monitoring U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8a04f872-51e9-4313-97fb-fc1c35430fd8 Azure Front Door should have Resource logs enabled Monitoring U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Security Center U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes U.15.1 - Events logged U.15.1 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring U.15.3 - Events logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL U.15.3 - Events logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring U.15.3 - Events logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring U.15.3 - Events logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring U.15.3 - Events logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring U.15.3 - Events logged U.15.3 - Events logged 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse U.17.1 - Encrypted U.17.1 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup U.17.1 - Encrypted U.17.1 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute U.17.1 - Encrypted U.17.1 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center U.17.1 - Encrypted U.17.1 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center U.17.1 - Encrypted U.17.1 - Encrypted 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service UK_NCSC_CSP 1 UK_NCSC_CSP_1 UK NCSC CSP 1 Data in transit protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration UK_NCSC_CSP 1 UK_NCSC_CSP_1 UK NCSC CSP 1 Data in transit protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service UK_NCSC_CSP 1 UK_NCSC_CSP_1 UK NCSC CSP 1 Data in transit protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache UK_NCSC_CSP 1 UK_NCSC_CSP_1 UK NCSC CSP 1 Data in transit protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage UK_NCSC_CSP 1 UK_NCSC_CSP_1 UK NCSC CSP 1 Data in transit protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center UK_NCSC_CSP 10 UK_NCSC_CSP_10 UK NCSC CSP 10 Identity and authentication UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Security Center UK_NCSC_CSP 11 UK_NCSC_CSP_11 UK NCSC CSP 11 External interface protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Security Center UK_NCSC_CSP 11 UK_NCSC_CSP_11 UK NCSC CSP 11 External interface protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center UK_NCSC_CSP 11 UK_NCSC_CSP_11 UK NCSC CSP 11 External interface protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service UK_NCSC_CSP 11 UK_NCSC_CSP_11 UK NCSC CSP 11 External interface protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service UK_NCSC_CSP 11 UK_NCSC_CSP_11 UK NCSC CSP 11 External interface protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center UK_NCSC_CSP 11 UK_NCSC_CSP_11 UK NCSC CSP 11 External interface protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage UK_NCSC_CSP 11 UK_NCSC_CSP_11 UK NCSC CSP 11 External interface protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center UK_NCSC_CSP 11 UK_NCSC_CSP_11 UK NCSC CSP 11 External interface protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring UK_NCSC_CSP 13 UK_NCSC_CSP_13 UK NCSC CSP 13 Audit information for users UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL UK_NCSC_CSP 13 UK_NCSC_CSP_13 UK NCSC CSP 13 Audit information for users UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL UK_NCSC_CSP 13 UK_NCSC_CSP_13 UK NCSC CSP 13 Audit information for users UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL UK_NCSC_CSP 2.3 UK_NCSC_CSP_2.3 UK NCSC CSP 2.3 Data at rest protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation UK_NCSC_CSP 2.3 UK_NCSC_CSP_2.3 UK NCSC CSP 2.3 Data at rest protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric UK_NCSC_CSP 2.3 UK_NCSC_CSP_2.3 UK NCSC CSP 2.3 Data at rest protection UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Security Center UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Security Center UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Security Center UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Security Center UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Security Center UK_NCSC_CSP 5.2 UK_NCSC_CSP_5.2 UK NCSC CSP 5.2 Vulnerability management UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center UK_NCSC_CSP 5.3 UK_NCSC_CSP_5.3 UK NCSC CSP 5.3 Protective Monitoring UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute UK_NCSC_CSP 5.3 UK_NCSC_CSP_5.3 UK NCSC CSP 5.3 Protective Monitoring UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage UK_NCSC_CSP 5.3 UK_NCSC_CSP_5.3 UK NCSC CSP 5.3 Protective Monitoring UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Security Center UK_NCSC_CSP 5.3 UK_NCSC_CSP_5.3 UK NCSC CSP 5.3 Protective Monitoring UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center UK_NCSC_CSP 9.1 UK_NCSC_CSP_9.1 UK NCSC CSP 9.1 Authentication of users to management interfaces and support channels UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center UK_NCSC_CSP 9.1 UK_NCSC_CSP_9.1 UK NCSC CSP 9.1 Authentication of users to management interfaces and support channels UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Security Center UK_NCSC_CSP 9.1 UK_NCSC_CSP_9.1 UK NCSC CSP 9.1 Authentication of users to management interfaces and support channels UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Security Center UK_NCSC_CSP 9.1 UK_NCSC_CSP_9.1 UK NCSC CSP 9.1 Authentication of users to management interfaces and support channels UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center UK_NCSC_CSP 9.1 UK_NCSC_CSP_9.1 UK NCSC CSP 9.1 Authentication of users to management interfaces and support channels UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Security Center UK_NCSC_CSP 9.1 UK_NCSC_CSP_9.1 UK NCSC CSP 9.1 Authentication of users to management interfaces and support channels UK OFFICIAL and UK NHS (3937f550-eedd-4639-9c5e-294358be442e)