AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

Microsoft Managed Control 1029 - Information Flow Enforcement | Security Policy Filters | Regulatory Compliance - Access Control

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Microsoft Managed Control 1029 - Information Flow Enforcement | Security Policy Filters

53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69

Version

1.0.0
Details on versioning

Versioning

Versions supported for Versioning: 0
Built-in Versioning [Preview]

Category

Regulatory Compliance
Microsoft Learn

Description

Microsoft implements this Access Control control

Additional metadata

Name/Id: ACF1029 / Microsoft Managed Control 1029
Category: Access Control
Title: Information Flow Enforcement | Security Policy Filters
Ownership: Customer, Microsoft
Description: The information system enforces information flow control using security policy filters inherent in boundary protection devices such as gateways, routers, encrypted tunnels, and link encrypters as a basis for flow control decisions for information containing PII or customer-defined sensitive information types.
Requirements: Azure enforces information flow control using VLAN isolation, software load balancers, Virtual Filtering Platform (VFP), and ACLs. As Azure only has one security domain, there is no need to enforce information flow control using security policy filters such as clean/dirty word lists that a system with multiple security domains (e.g. unclassified, secret, and top secret) require.

Mode

Indexed

Type

Static

Preview

False

Deprecated

False

Effect

Fixed
audit

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups

Compliance

Not a Compliance control

Initiatives usage

none

History

none

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC