| Field | Value |
| --- | --- |
| Source | Azure Portal |
| Display name | Microsoft Managed Control 1062 - Remote Access \| Protection Of Confidentiality / Integrity Using Encryption |
| Id | 4708723f-e099-4af1-bbf9-b6df7642e444 |
| Version | 1.0.0 |
| Versioning | Versions supported for Versioning: 0; Built-in Versioning [Preview] |
| Category | Regulatory Compliance |
| Description | Microsoft implements this Access Control control |
| Mode | Indexed |
| Type | Static |
| Preview | False |
| Deprecated | False |
| Effect | Fixed audit |
| RBAC role(s) | none |
| Rule aliases | none |
| Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups |
| Compliance | Not a Compliance control |
| Initiatives usage | none |
| History | none |
| JSON compare | n/a |
| JSON | |

Additional metadata

| Field | Value |
| --- | --- |
| Name/Id | ACF1062 / Microsoft Managed Control 1062 |
| Category | Access Control |
| Title | Remote Access \| Protection Of Confidentiality / Integrity Using Encryption |
| Ownership | Customer, Microsoft |
| Description | The information system implements cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions. |

Requirements

For all asset types, Azure uses cryptographic controls to protect the confidentiality, authenticity and integrity of sensitive data while in transit or at rest.

To ensure confidentiality, Azure uses both symmetric and asymmetric keys to encrypt sensitive data so that unauthorized parties cannot access it. For example, secrets such as the Storage Key are encrypted with the receiving component's public key prior to transmission. As part of the component's deployment, the private key is installed into the runtime environment by leveraging the Azure Certificate Store (WACS) functionality provided by the Fabric. The component uses the private key installed in the WACS to decrypt the secret.

To ensure integrity, Azure uses asymmetric keys to protect sensitive data against unauthorized modification during transmission between components. For example, a component might generate a file, compute a cryptographic checksum over that file's contents, and then sign that checksum with its private key. On subsequent access to that file, the component first validates that the file's contents have not been modified by recomputing the checksum over the current file contents and then verifying the signature, which requires only the public key.

Azure uses FIPS 140-2 validated cryptography for access. Azure Remote Desktop Protocol (RDP) and SSL VPN services are configured to use FIPS 140-2 validated TLS 1.2 encryption for access. Encryption is required for all connections. PKI certificates are used within Azure on the internal RD gateways and are obtained through the Azure PKI; SSL certificates are used by access solutions.