Source | Azure Portal | ||
Display name | Microsoft Managed Control 1420 - Maintenance Personnel | ||
Id | 05ae08cc-a282-413b-90c7-21a2c60b8404 | ||
Version | 1.0.0 | ||
Versioning | Versions supported for Versioning: 0 | ||
Category | Regulatory Compliance | ||
Description | Microsoft implements this Maintenance control | ||
Additional metadata |
Name/Id: ACF1420 / Microsoft Managed Control 1420
Category: Maintenance
Title: Maintenance Personnel - Process
Ownership: Customer, Microsoft
Description: The organization: Establishes a process for maintenance personnel authorization and maintains a list of authorized maintenance organizations or personnel;
Requirements: Maintenance personnel authorization at Azure datacenters is managed through the DCAT system. All FTEs and vendors’ physical access to the datacenters is managed through DCAT. Logical access (any nonlocal maintenance) is managed through the CM process and access is documented, provisioned, and approved. All maintenance work requires an associated work ticket. In order to physically access the datacenter to perform maintenance, the person must be approved by the Datacenter Management (DCM) team via a DCAT request. When arriving at the datacenter, a person’s identity is matched against their approved DCAT request. The DCAT tool manages the areas that maintenance personnel can access. The principle of least privilege is used in granting access. Azure datacenters have resident maintenance teams called Site Services and Critical Environment (CE) teams. On a quarterly basis, the datacenter management team and physical security teams perform audits of the DCAT access list to keep the access list of maintenance personnel current. Personnel terminations or transfers are reflected immediately through a manual update of the access list. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups | ||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||