last sync: 2024-Nov-25 18:54:24 UTC

Logic Apps Integration Service Environment should be encrypted with customer-managed keys

Azure BuiltIn Policy definition

Source Azure Portal
Display name Logic Apps Integration Service Environment should be encrypted with customer-managed keys
Id 1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Logic Apps
Microsoft Learn
Description Deploy into Integration Service Environment to manage encryption at rest of Logic Apps data using customer-managed keys. By default, customer data is encrypted with service-managed keys, but customer-managed keys are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Logic/integrationServiceEnvironments/encryptionConfiguration Microsoft.Logic integrationServiceEnvironments properties.encryptionConfiguration True False
Rule resource types IF (1)
Microsoft.Logic/integrationServiceEnvironments
Compliance
The following 11 compliance controls are associated with this Policy definition 'Logic Apps Integration Service Environment should be encrypted with customer-managed keys' (1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found n/a n/a 37
FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 System And Communications Protection Cryptographic Key Establishment And Management Shared n/a The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. Supplemental Guidance: Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance, specifying appropriate options, levels, and parameters. Organizations manage trust stores to ensure that only approved trust anchors are in such trust stores. This includes certificates with visibility external to organizational information systems and certificates related to the internal operations of systems. Related controls: SC-13, SC-17. References: NIST Special Publications 800-56, 800-57. link 40
FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 System And Communications Protection Cryptographic Key Establishment And Management Shared n/a The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. Supplemental Guidance: Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance, specifying appropriate options, levels, and parameters. Organizations manage trust stores to ensure that only approved trust anchors are in such trust stores. This includes certificates with visibility external to organizational information systems and certificates related to the internal operations of systems. Related controls: SC-13, SC-17. References: NIST Special Publications 800-56, 800-57. link 40
NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 System and Communications Protection Establish and manage cryptographic keys for cryptography employed in organizational systems. Shared Microsoft and the customer share responsibilities for implementing this requirement. Cryptographic key management and establishment can be performed using manual procedures or mechanisms supported by manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, policies, directives, regulations, and standards specifying appropriate options, levels, and parameters. [SP 800-56A] and [SP 800-57-1] provide guidance on cryptographic key management and key establishment. link 40
NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 System And Communications Protection Cryptographic Key Establishment And Management Shared n/a The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. Supplemental Guidance: Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance, specifying appropriate options, levels, and parameters. Organizations manage trust stores to ensure that only approved trust anchors are in such trust stores. This includes certificates with visibility external to organizational information systems and certificates related to the internal operations of systems. Related controls: SC-13, SC-17. References: NIST Special Publications 800-56, 800-57. link 40
NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 System and Communications Protection Cryptographic Key Establishment and Management Shared n/a Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. link 40
NL_BIO_Cloud_Theme U.05.2(2) NL_BIO_Cloud_Theme_U.05.2(2) NL_BIO_Cloud_Theme_U.05.2(2) U.05 Data protection Cryptographic measures n/a Data stored in the cloud service shall be protected to the latest state of the art with encryption and with a key length sufficient at least for the purpose, whereby the key management is not purchased as a cloud service if possible and is carried out by the CSC itself. 52
NL_BIO_Cloud_Theme U.11.3(2) NL_BIO_Cloud_Theme_U.11.3(2) NL_BIO_Cloud_Theme_U.11.3(2) U.11 Cryptoservices Encrypted n/a Sensitive data (on transport and at rest) is always encrypted, with private keys managed by the CSC. The use of a private key by the CSP is based on a controlled procedure and must be jointly agreed with the CSC organisation. 52
RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Information and Cyber Security Trails-3.1 n/a The IS Policy must provide for a IS framework with the following basic tenets: Trails- NBFCs shall ensure that audit trails exist for IT assets satisfying its business requirements including regulatory and legal requirements, facilitating audit, serving as forensic evidence when required and assisting in dispute resolution. If an employee, for instance, attempts to access an unauthorized section, this improper activity should be recorded in the audit trail. link 36
U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found n/a n/a 51
U.11.3 - Encrypted U.11.3 - Encrypted 404 not found n/a n/a 51
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: CMMC 2.0 Level 2 4e50fd13-098b-3206-61d6-d1d78205cb45 Regulatory Compliance Preview BuiltIn
[Preview]: Reserve Bank of India - IT Framework for NBFC 7f89f09c-48c1-f28d-1bd5-84f3fb22f86c Regulatory Compliance Preview BuiltIn
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
NL BIO Cloud Theme 6ce73208-883e-490f-a2ac-44aac3b3687f Regulatory Compliance GA BuiltIn
NL BIO Cloud Theme V2 d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-09 14:37:41 add 1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5
JSON compare n/a
JSON
api-version=2021-06-01
EPAC