Source | Azure Portal | ||
Display name | Microsoft Managed Control 1630 - Boundary Protection | External Telecommunications Services | ||
Id | 3643717a-3897-4bfd-8530-c7c96b26b2a0 | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this System and Communications Protection control | ||
Additional metadata |
Name/Id: ACF1630 / Microsoft Managed Control 1630
Category: System and Communications Protection
Title: Boundary Protection | External Telecommunications Services
Ownership: Microsoft
Description: The organization: Reviews exceptions to the traffic flow policy Quarterly with traffic flow monitoring multiple times per day and removes exceptions that are no longer supported by an explicit mission/business need.
Requirements: Azure reviews each change to the network ACL via the C+AI Security Policy Exception process with a supporting mission/business need and duration of that need. In the event an exception is needed, a security review (SR) is documented and reviewed by the C+AI Security team. All exceptions are reviewed on at least a semiannual basis. The Azure Networking team removes all exceptions that are no longer supported by a business need in Azure. If the Azure Networking team identifies and reviews a policy exception that is no longer needed, they remove that exception. At the infrastructure level, Azure blocks administrative ports on the internet edge of the environment through the Edge ACL baseline. To detect any authorized changes to the established traffic flow policies on the Azure boundary, the Azure Security Monitoring (ASM) team automatically scans the internet boundary of the Azure environment every four (4) hours. If a blocked port is opened, a ticket is automatically created in the ticketing system and an alert is created for the Azure Security Response Team to remediate. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||