Source | Azure Portal
Display name | Microsoft Managed Control 1417 - Remote Maintenance | Comparable Security / Sanitization
Id | 7522ed84-70d5-4181-afc0-21e50b1b6d0e
Version | 1.0.1
Versioning | Versions supported for Versioning: 0; Built-in Versioning [Preview]
Category | Regulatory Compliance
Description | Microsoft implements this Maintenance control
Additional metadata |
Name/Id: ACF1417 / Microsoft Managed Control 1417
Category: Maintenance
Title: Remote Maintenance | Comparable Security / Sanitization - Comparable Security
Ownership: Customer, Microsoft
Description: The organization: Requires that nonlocal maintenance and diagnostic services be performed from an information system that implements a security capability comparable to the capability implemented on the system being serviced; or
Requirements: Remote maintenance and diagnostic services are performed by first logging in via RDP to a Jumpbox, Debug Server, or Network Hop Box from a Secure Administrative Workstation (SAW) machine on Microsoft CorpNet, and then initiating a second RDP session from the interim device to the destination target asset. No direct connection is possible from workstations to the destination asset. TLS 1.2 is used to protect RDP connections. Azure requires strong identification and authentication for nonlocal maintenance and diagnostic sessions. Azure uses combinations of elevated access accounts and smart cards to access assets. When nonlocal maintenance is completed via RDGW or SSH or SSL VPN, the session is terminated by the user or is disconnected after fifteen (15) minutes of inactivity the information system. All nonlocal network maintenance and diagnostic sessions are managed through configuration management process. Changes must be approved and documented in work tickets. Before changes are automatically deployed in the production environment there is a required quality control step that requires peer review of the proposed change, and a safe deployment process during deployment. After changes are implemented, there is a quality control process to review success criteria against logged work tickets from the past month.
Mode | Indexed
Type | Static
Preview | False
Deprecated | False
Effect | Fixed: audit
RBAC role(s) | none
Rule aliases | none
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups
Compliance | Not a Compliance control
Initiatives usage | none