Source | Azure Portal
Display name | Microsoft Managed Control 1178 - Baseline Configuration | Reviews And Updates
Id | 7818b8f4-47c6-441a-90ae-12ce04e99893
Version | 1.0.0
Versioning | Versions supported for Versioning: 0 Built-in Versioning [Preview]
Category | Regulatory Compliance
Description | Microsoft implements this Configuration Management control
Additional metadata |
Name/Id: ACF1178 / Microsoft Managed Control 1178
Category: Configuration Management
Title: Baseline Configuration | Reviews And Updates - Defined Circumstances
Ownership: Customer, Microsoft
Description: The organization reviews and updates the baseline configuration of the information system: When required due to Significant changes as defined in NIST SP 800-37 rev 1, Appendix F, or specific to the FedRAMP certification, as directed by the JAB; and
Requirements: Each configuration baseline team works with the respective imaging team for updates at least annually or when required due to a significant change. Changes from United States Cyber Command tactical orders or directives can be accommodated. However, analysis is required to determine if a directive is applicable to the Azure services. There is a reasonable probability that a directive is not applicable. Microsoft internal components are specifically engineered for its operations and do not rely on third-party applications. They are further isolated from direct external connections. They must be further tested to ensure that there is no detrimental impact to the configuration baselines and that the associated vulnerability is not already accommodated by compensating or mitigating controls. All changes must go through the approved deployment process. Additionally, the configuration baselines may be reviewed and updated based on significant change to the Azure environment which may include, but is not limited to the following:
* Adding new core missions or business functions
* Acquiring specific and credible threat information that the organization is being targeted by a threat source
* Establishing new or modified laws, directives, policies, or regulations
Mode | Indexed
Type | Static
Preview | False
Deprecated | False
Effect | Fixed audit
RBAC role(s) | none
Rule aliases | none
Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups
Compliance | Not a Compliance control
Initiatives usage | none
History | none
JSON compare | n/a
JSON |