| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1211 - Configuration Settings | ||
| Id | 6a8b9dc8-6b00-4701-aa96-bba3277ebf50 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Configuration Management control | ||
| Additional metadata |
Name/Id: ACF1211 / Microsoft Managed Control 1211 Category: Configuration Management Title: Configuration Settings - Change Control Ownership: Customer, Microsoft Description: The organization: Monitors and controls changes to the configuration settings in accordance with organizational policies and procedures. Requirements: All configuration changes are limited to the specific personnel responsible for the component and are captured in audit logs. In addition, vulnerability scans are run to assist in determining the effectiveness of the configuration settings on the applications and servers. Only certain individuals have the privileges to make changes to the configuration of the system based on an approved access model that requires establishing business justification for the membership. If an unauthorized person attempts to make changes, the system automatically denies the request. The action is captured in the audit logs and is investigated. If further actions are required, it is reported up to Azure and service team incident management personnel are notified immediately. The audit logs are maintained in storage for at least ninety (90) days to support after-the-fact investigations. Installed software is monitored using Azure Security Monitoring (ASM) and SCUBA. If unauthorized software installation is detected, the Security Response Team responds. Network Devices Configuration baselines for network devices are incorporated as policies in Config Policy Verifier (CPV), which performs ongoing checks of all devices deployed on the network and reports deviations from standards. Upon discovering a deviation from the baseline, devices are corrected to ensure they agree with the current baseline. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|