AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Provide real-time alerts for audit event failures | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Provide real-time alerts for audit event failures
Id 0f4fa857-079d-9d3d-5c49-21f616189e03
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1114 - Provide real-time alerts for audit event failures
Additional metadata Name/Id: CMA_C1114 / CMA_C1114
Category: Operational
Title: Provide real-time alerts for audit event failures
Ownership: Customer
Description: The customer is responsible for providing real-time alerts for audit event failures for customer-deployed resources.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 5 compliance controls are associated with this Policy definition 'Provide real-time alerts for audit event failures' (0f4fa857-079d-9d3d-5c49-21f616189e03)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 AU-5(2) FedRAMP_High_R4_AU-5(2) FedRAMP High AU-5 (2) Audit And Accountability Real-Time Alerts Shared n/a The information system provides an alert in [Assignment: organization-defined real-time period] to [Assignment: organization-defined personnel, roles, and/or locations] when the following audit failure events occur: [Assignment: organization-defined audit failure events requiring real-time alerts]. Supplemental Guidance: Alerts provide organizations with urgent messages. Real-time alerts provide these messages at information technology speed (i.e., the time from event detection to alert occurs in seconds or less). link 1
NIST_SP_800-171_R2_3 .3.4 NIST_SP_800-171_R2_3.3.4 NIST SP 800-171 R2 3.3.4 Audit and Accountability Alert in the event of an audit logging process failure. Shared Microsoft and the customer share responsibilities for implementing this requirement. Audit logging process failures include software and hardware errors, failures in the audit record capturing mechanisms, and audit record storage capacity being reached or exceeded. This requirement applies to each audit record data storage repository (i.e., distinct system component where audit records are stored), the total audit record storage capacity of organizations (i.e., all audit record data storage repositories combined), or both. link 12
NIST_SP_800-53_R4 AU-5(2) NIST_SP_800-53_R4_AU-5(2) NIST SP 800-53 Rev. 4 AU-5 (2) Audit And Accountability Real-Time Alerts Shared n/a The information system provides an alert in [Assignment: organization-defined real-time period] to [Assignment: organization-defined personnel, roles, and/or locations] when the following audit failure events occur: [Assignment: organization-defined audit failure events requiring real-time alerts]. Supplemental Guidance: Alerts provide organizations with urgent messages. Real-time alerts provide these messages at information technology speed (i.e., the time from event detection to alert occurs in seconds or less). link 1
NIST_SP_800-53_R5 AU-5(2) NIST_SP_800-53_R5_AU-5(2) NIST SP 800-53 Rev. 5 AU-5 (2) Audit and Accountability Real-time Alerts Shared n/a Provide an alert within [Assignment: organization-defined real-time period] to [Assignment: organization-defined personnel, roles, and/or locations] when the following audit failure events occur: [Assignment: organization-defined audit logging failure events requiring real-time alerts]. link 1
SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 6. Detect Anomalous Activity to Systems or Transaction Records Record security events and detect anomalous actions and operations within the local SWIFT environment. Shared n/a Capabilities to detect anomalous activity are implemented, and a process or tool is in place to keep and review logs. link 51
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add 0f4fa857-079d-9d3d-5c49-21f616189e03
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC