Source | Azure Portal | ||||||
Display name | Microsoft Managed Control 1708 - Security Functionality Verification | ||||||
Id | 7a1e2c88-13de-4959-8ee7-47e3d74f1f48 | ||||||
Version | 1.0.1 | ||||||
Versioning | Versions supported for Versioning: 0 (Built-in Versioning [Preview]) | ||||||
Category | Regulatory Compliance | ||||||
Description | Microsoft implements this System and Information Integrity control | ||||||
Additional metadata |
Name/Id: ACF1708 / Microsoft Managed Control 1708
Category: System and Information Integrity
Title: Security Function Verification - Verifies Correct Operation
Ownership: Customer, Microsoft
Description: The information system: Verifies the correct operation of security functions identified in ASM process;
Requirements:
Servers: Azure performs near-real-time auditing and periodic verification of the following security functions to confirm their operating effectiveness. Azure uses applications called Geneva Monitoring Runners to monitor the collected data and report on the overall health of the system. If the system deems its overall health inappropriate for the environment, the Fabric Controller (FC) is notified, the unhealthy system is shut down, and a new healthy system is brought up and running.
If Azure DevOps or Incident Management (IcM) tickets are created for any security events, including but not limited to alerts, advisories, anomalies, and health status, the Windows Azure LiveSite (WALS) team actively works the issues until resolution. The WALS team is staffed twenty-four (24) hours a day, seven (7) days a week.
Azure uses the logging and monitoring pipeline and event audit policies to capture security functions and perform alerting in near-real time. Azure sends automated alerts to the Security Response Team when anomalies are discovered, for triage, investigation, and remediation. It also alerts upon system startup and/or restart and continuously provides event monitoring and alerting to the Security Response Team.
Network Devices: Azure uses Config Policy Verifier (CPV) and Config Change Reporter (CCR) to verify correct operation of security functions of network devices on a continuous basis. CPV and CCR automatically send alerts to the network device monitoring tool alarm console regarding deviations from correct operation of security functions. The tools alert upon system startup and/or restart and continuously provide event monitoring and alerting to the Microsoft Operations Center (MOC). The consoles reside with the MOC, which provides analysis and routing to the Azure Networking team for remediation.
CPV and CCR back up the configuration of network devices, allowing the Azure Networking team to know who made what changes to the system. This captures all changes to the device configuration, including any related to security functions and deviations from baselines. |
||||||
Mode | Indexed | ||||||
Type | Static | ||||||
Preview | False | ||||||
Deprecated | False | ||||||
Effect | Fixed audit |
||||||
RBAC role(s) | none | ||||||
Rule aliases | none | ||||||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups |
||||||
Compliance | Not a Compliance control | ||||||
Initiatives usage | none | ||||||