last sync: 2024-Nov-25 18:54:24 UTC

Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking'

Azure BuiltIn Policy definition

Source Azure Portal
Display name Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking'
Id 58383b73-94a9-4414-b382-4146eb02611b
Version 3.0.0
Versioning Versions supported for Versioning: 1 (3.0.0)
Category Guest Configuration
Description Windows machines should have the specified Group Policy settings in the category 'System Audit Policies - Detailed Tracking' for auditing DPAPI, process creation/termination, RPC events, and PNP activity. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default AuditIfNotExists
Effect Allowed AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases IF (7)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Compute/imageOffer Microsoft.Compute virtualMachines properties.storageProfile.imageReference.offer True False
Microsoft.Compute/imageOffer Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.storageProfile.imageReference.offer True False
Microsoft.Compute/imageOffer Microsoft.Compute disks properties.creationData.imageReference.id True False
Microsoft.Compute/imagePublisher Microsoft.Compute virtualMachines properties.storageProfile.imageReference.publisher True False
Microsoft.Compute/imagePublisher Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.storageProfile.imageReference.publisher True False
Microsoft.Compute/imagePublisher Microsoft.Compute disks properties.creationData.imageReference.id True False
Microsoft.Compute/imageSKU Microsoft.Compute virtualMachines properties.storageProfile.imageReference.sku True False
Microsoft.Compute/imageSKU Microsoft.Compute virtualMachineScaleSets properties.virtualMachineProfile.storageProfile.imageReference.sku True False
Microsoft.Compute/imageSKU Microsoft.Compute disks properties.creationData.imageReference.id True False
Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration Microsoft.Compute virtualMachines properties.osProfile.windowsConfiguration True True
Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType Microsoft.Compute virtualMachines properties.storageProfile.osDisk.osType True True
Microsoft.ConnectedVMwarevSphere/virtualMachines/osProfile.osType Microsoft.ConnectedVMwarevSphere virtualmachines properties.osProfile.osType True False
Microsoft.HybridCompute/imageOffer Microsoft.HybridCompute machines properties.osName True False
THEN-ExistenceCondition (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus Microsoft.GuestConfiguration guestConfigurationAssignments properties.complianceStatus True False
Microsoft.GuestConfiguration/guestConfigurationAssignments/parameterHash Microsoft.GuestConfiguration guestConfigurationAssignments properties.parameterHash True False
Rule resource types IF (3)
Microsoft.Compute/virtualMachines
Microsoft.ConnectedVMwarevSphere/virtualMachines
Microsoft.HybridCompute/machines
Compliance
The following 10 compliance controls are associated with this Policy definition 'Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking'' (58383b73-94a9-4414-b382-4146eb02611b)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
hipaa 0635.10k1Organizational.12-10.k hipaa-0635.10k1Organizational.12-10.k 0635.10k1Organizational.12-10.k 06 Configuration Management 0635.10k1Organizational.12-10.k 10.05 Security In Development and Support Processes Shared n/a Managers responsible for application systems are also responsible for the strict control (security) of the project or support environment and ensure that all proposed system changes are reviewed to check that they do not compromise the security of either the system or the operating environment. 9
hipaa 0636.10k2Organizational.1-10.k hipaa-0636.10k2Organizational.1-10.k 0636.10k2Organizational.1-10.k 06 Configuration Management 0636.10k2Organizational.1-10.k 10.05 Security In Development and Support Processes Shared n/a The organization formally addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance for configuration management (e.g., through policies, standards, processes). 8
hipaa 0637.10k2Organizational.2-10.k hipaa-0637.10k2Organizational.2-10.k 0637.10k2Organizational.2-10.k 06 Configuration Management 0637.10k2Organizational.2-10.k 10.05 Security In Development and Support Processes Shared n/a The organization has developed, documented, and implemented a configuration management plan for the information system. 7
hipaa 0638.10k2Organizational.34569-10.k hipaa-0638.10k2Organizational.34569-10.k 0638.10k2Organizational.34569-10.k 06 Configuration Management 0638.10k2Organizational.34569-10.k 10.05 Security In Development and Support Processes Shared n/a Changes are formally controlled, documented, and enforced in order to minimize the corruption of information systems. 14
hipaa 0639.10k2Organizational.78-10.k hipaa-0639.10k2Organizational.78-10.k 0639.10k2Organizational.78-10.k 06 Configuration Management 0639.10k2Organizational.78-10.k 10.05 Security In Development and Support Processes Shared n/a Installation checklists and vulnerability scans are used to validate the configuration of servers, workstations, devices, and appliances, and ensure the configuration meets minimum standards. 8
hipaa 0640.10k2Organizational.1012-10.k hipaa-0640.10k2Organizational.1012-10.k 0640.10k2Organizational.1012-10.k 06 Configuration Management 0640.10k2Organizational.1012-10.k 10.05 Security In Development and Support Processes Shared n/a Where development is outsourced, change control procedures to address security are included in the contract(s) and specifically require the developer to track security flaws and flaw resolution within the system, component, or service and report findings to organization-defined personnel or roles. 22
hipaa 0641.10k2Organizational.11-10.k hipaa-0641.10k2Organizational.11-10.k 0641.10k2Organizational.11-10.k 06 Configuration Management 0641.10k2Organizational.11-10.k 10.05 Security In Development and Support Processes Shared n/a The organization does not use automated updates on critical systems. 13
hipaa 0642.10k3Organizational.12-10.k hipaa-0642.10k3Organizational.12-10.k 0642.10k3Organizational.12-10.k 06 Configuration Management 0642.10k3Organizational.12-10.k 10.05 Security In Development and Support Processes Shared n/a The organization develops, documents, and maintains, under configuration control, a current baseline configuration of the information system, and reviews and updates the baseline as required. 7
hipaa 0643.10k3Organizational.3-10.k hipaa-0643.10k3Organizational.3-10.k 0643.10k3Organizational.3-10.k 06 Configuration Management 0643.10k3Organizational.3-10.k 10.05 Security In Development and Support Processes Shared n/a The organization (i) establishes and documents mandatory configuration settings for information technology products employed within the information system using the latest security configuration baselines; (ii) identifies, documents, and approves exceptions from the mandatory established configuration settings for individual components based on explicit operational requirements; and, (iii) monitors and controls changes to the configuration settings in accordance with organizational policies and procedures. 17
hipaa 0644.10k3Organizational.4-10.k hipaa-0644.10k3Organizational.4-10.k 0644.10k3Organizational.4-10.k 06 Configuration Management 0644.10k3Organizational.4-10.k 10.05 Security In Development and Support Processes Shared n/a The organization employs automated mechanisms to (i) centrally manage, apply, and verify configuration settings; (ii) respond to unauthorized changes to network and system security-related configuration settings; and, (iii) enforce access restrictions and auditing of the enforcement actions. 20
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Windows machines should meet requirements for the Azure compute security baseline be7a78aa-3e10-4153-a5fd-8c6506dbc821 Guest Configuration Preview BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) Change type Change detail
2022-01-28 17:51:01 change Major (2.0.0 > 3.0.0)
2020-09-15 14:06:41 change Previous DisplayName: [Preview]: Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking'
2020-08-20 14:05:01 add 58383b73-94a9-4414-b382-4146eb02611b