AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Implement cryptographic mechanisms | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Implement cryptographic mechanisms
Id 10c3a1b1-29b0-a2d5-8f4c-a284b0f07830
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1419 - Implement cryptographic mechanisms
Additional metadata Name/Id: CMA_C1419 / CMA_C1419
Category: Operational
Title: Implement cryptographic mechanisms
Ownership: Customer
Description: The customer is responsible for implementing cryptographic mechanisms when performing non-local maintenance and diagnostics of customer-deployed operating systems.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 6 compliance controls are associated with this Policy definition 'Implement cryptographic mechanisms' (10c3a1b1-29b0-a2d5-8f4c-a284b0f07830)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 MA-4(6) FedRAMP_High_R4_MA-4(6) FedRAMP High MA-4 (6) Maintenance Cryptographic Protection Shared n/a The information system implements cryptographic mechanisms to protect the integrity and confidentiality of nonlocal maintenance and diagnostic communications. Supplemental Guidance: Related controls: SC-8, SC-13. link 1
hipaa 18110.08j1Organizational.5-08.j hipaa-18110.08j1Organizational.5-08.j 18110.08j1Organizational.5-08.j 18 Physical & Environmental Security 18110.08j1Organizational.5-08.j 08.02 Equipment Security Shared n/a The organization monitors and controls non-local maintenance and diagnostic activities; and prohibits non-local system maintenance unless explicitly authorized, in writing, by the CIO or his/her designated representative. 4
NIST_SP_800-53_R4 MA-4(6) NIST_SP_800-53_R4_MA-4(6) NIST SP 800-53 Rev. 4 MA-4 (6) Maintenance Cryptographic Protection Shared n/a The information system implements cryptographic mechanisms to protect the integrity and confidentiality of nonlocal maintenance and diagnostic communications. Supplemental Guidance: Related controls: SC-8, SC-13. link 1
NIST_SP_800-53_R5 MA-4(6) NIST_SP_800-53_R5_MA-4(6) NIST SP 800-53 Rev. 5 MA-4 (6) Maintenance Cryptographic Protection Shared n/a Implement the following cryptographic mechanisms to protect the integrity and confidentiality of nonlocal maintenance and diagnostic communications: [Assignment: organization-defined cryptographic mechanisms]. link 1
op.exp.10 Cryptographic key protection op.exp.10 Cryptographic key protection 404 not found n/a n/a 53
PCI_DSS_v4.0 2.2.7 PCI_DSS_v4.0_2.2.7 PCI DSS v4.0 2.2.7 Requirement 02: Apply Secure Configurations to All System Components System components are configured and managed securely Shared n/a All non-console administrative access is encrypted using strong cryptography. link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 10c3a1b1-29b0-a2d5-8f4c-a284b0f07830
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC