| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1185 - Configuration Change Control | ||
| Id | 6420cd73-b939-43b7-9d99-e8688fea053c | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Configuration Management control | ||
| Additional metadata |
Name/Id: ACF1185 / Microsoft Managed Control 1185 Category: Configuration Management Title: Configuration Change Control - Review Ownership: Customer, Microsoft Description: The organization: Reviews proposed configuration-controlled changes to the information system and approves or disapproves such changes with explicit consideration for security impact analyses; Requirements: All changes under configuration control to Azure assets are reviewed and approved or disapproved with explicit consideration for security impact analysis. Per the Microsoft Change Management Standard, all changes require documented testing procedures. Servers It is the responsibility of the change tester to verify against defined test and success criteria and to record the test results in the work item tracking the change. For IPAK changes, all work items impacting code are triaged by the IPAK team before they are implemented. The triage process assesses the priority of the item and potential impact to customers. If an item is of a security nature, input from C+AI Platform Security is sought. For RDOS changes, changes are tested in a non-production environment before being promoted to production. All changes go through the standard change management process which includes a security impact analysis. Network Devices Security impact analyses for network device changes are completed by performing a risk assessment for the change being performed. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|