last sync: 2024-Nov-25 18:54:24 UTC

[Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK)

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK)
Id 47031206-ce96-41f8-861b-6a915f3de284
Version 1.0.0-preview
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0-preview
Built-in Versioning [Preview]
Category Internet of Things
Microsoft Learn
Description Use customer-managed keys to manage the encryption at rest of your IoT Hub device provisioning service. The data is automatically encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. Learn more about CMK encryption at https://aka.ms/dps/CMK.
Mode Indexed
Type BuiltIn
Preview True
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*] Microsoft.Devices ProvisioningServices properties.encryption.keyVaultProperties[*] True False
Microsoft.Devices/provisioningServices/encryption.keyVaultProperties[*].keyIdentifier Microsoft.Devices ProvisioningServices properties.encryption.keyVaultProperties[*].keyIdentifier True False
Rule resource types IF (1)
Microsoft.Devices/provisioningServices
Compliance
The following 10 compliance controls are associated with this Policy definition '[Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK)' (47031206-ce96-41f8-861b-6a915f3de284)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found n/a n/a 37
FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 System And Communications Protection Cryptographic Key Establishment And Management Shared n/a The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. Supplemental Guidance: Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance, specifying appropriate options, levels, and parameters. Organizations manage trust stores to ensure that only approved trust anchors are in such trust stores. This includes certificates with visibility external to organizational information systems and certificates related to the internal operations of systems. Related controls: SC-13, SC-17. References: NIST Special Publications 800-56, 800-57. link 40
FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 System And Communications Protection Cryptographic Key Establishment And Management Shared n/a The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. Supplemental Guidance: Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance, specifying appropriate options, levels, and parameters. Organizations manage trust stores to ensure that only approved trust anchors are in such trust stores. This includes certificates with visibility external to organizational information systems and certificates related to the internal operations of systems. Related controls: SC-13, SC-17. References: NIST Special Publications 800-56, 800-57. link 40
NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 System and Communications Protection Establish and manage cryptographic keys for cryptography employed in organizational systems. Shared Microsoft and the customer share responsibilities for implementing this requirement. Cryptographic key management and establishment can be performed using manual procedures or mechanisms supported by manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, policies, directives, regulations, and standards specifying appropriate options, levels, and parameters. [SP 800-56A] and [SP 800-57-1] provide guidance on cryptographic key management and key establishment. link 40
NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 System And Communications Protection Cryptographic Key Establishment And Management Shared n/a The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. Supplemental Guidance: Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance, specifying appropriate options, levels, and parameters. Organizations manage trust stores to ensure that only approved trust anchors are in such trust stores. This includes certificates with visibility external to organizational information systems and certificates related to the internal operations of systems. Related controls: SC-13, SC-17. References: NIST Special Publications 800-56, 800-57. link 40
NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 System and Communications Protection Cryptographic Key Establishment and Management Shared n/a Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. link 40
NL_BIO_Cloud_Theme U.05.2(2) NL_BIO_Cloud_Theme_U.05.2(2) NL_BIO_Cloud_Theme_U.05.2(2) U.05 Data protection Cryptographic measures n/a Data stored in the cloud service shall be protected to the latest state of the art with encryption and with a key length sufficient at least for the purpose, whereby the key management is not purchased as a cloud service if possible and is carried out by the CSC itself. 52
NL_BIO_Cloud_Theme U.11.3(2) NL_BIO_Cloud_Theme_U.11.3(2) NL_BIO_Cloud_Theme_U.11.3(2) U.11 Cryptoservices Encrypted n/a Sensitive data (on transport and at rest) is always encrypted, with private keys managed by the CSC. The use of a private key by the CSP is based on a controlled procedure and must be jointly agreed with the CSC organisation. 52
U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found n/a n/a 51
U.11.3 - Encrypted U.11.3 - Encrypted 404 not found n/a n/a 51
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: CMMC 2.0 Level 2 4e50fd13-098b-3206-61d6-d1d78205cb45 Regulatory Compliance Preview BuiltIn
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
NL BIO Cloud Theme 6ce73208-883e-490f-a2ac-44aac3b3687f Regulatory Compliance GA BuiltIn
NL BIO Cloud Theme V2 d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-02 15:11:40 add 47031206-ce96-41f8-861b-6a915f3de284
JSON compare n/a
JSON
api-version=2021-06-01
EPAC