AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password

Azure BuiltIn Policy definition

Source Azure Portal
Display name Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password
Id 86efb160-8de7-451d-bc08-5d475b0aadae
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Data Box
Microsoft Learn
Description Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.DataBox/jobs/details.keyEncryptionKey.kekType Microsoft.DataBox jobs properties.details.keyEncryptionKey.kekType True False
Microsoft.Databox/jobs/sku.name Microsoft.DataBox jobs sku.name True False
Rule resource types IF (1)
Microsoft.DataBox/jobs
Compliance
The following 10 compliance controls are associated with this Policy definition 'Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password' (86efb160-8de7-451d-bc08-5d475b0aadae)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CMMC_2.0_L2 SC.L2-3.13.10 CMMC_2.0_L2_SC.L2-3.13.10 404 not found n/a n/a 37
FedRAMP_High_R4 SC-12 FedRAMP_High_R4_SC-12 FedRAMP High SC-12 System And Communications Protection Cryptographic Key Establishment And Management Shared n/a The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. Supplemental Guidance: Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance, specifying appropriate options, levels, and parameters. Organizations manage trust stores to ensure that only approved trust anchors are in such trust stores. This includes certificates with visibility external to organizational information systems and certificates related to the internal operations of systems. Related controls: SC-13, SC-17. References: NIST Special Publications 800-56, 800-57. link 40
FedRAMP_Moderate_R4 SC-12 FedRAMP_Moderate_R4_SC-12 FedRAMP Moderate SC-12 System And Communications Protection Cryptographic Key Establishment And Management Shared n/a The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. Supplemental Guidance: Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance, specifying appropriate options, levels, and parameters. Organizations manage trust stores to ensure that only approved trust anchors are in such trust stores. This includes certificates with visibility external to organizational information systems and certificates related to the internal operations of systems. Related controls: SC-13, SC-17. References: NIST Special Publications 800-56, 800-57. link 40
NIST_SP_800-171_R2_3 .13.10 NIST_SP_800-171_R2_3.13.10 NIST SP 800-171 R2 3.13.10 System and Communications Protection Establish and manage cryptographic keys for cryptography employed in organizational systems. Shared Microsoft and the customer share responsibilities for implementing this requirement. Cryptographic key management and establishment can be performed using manual procedures or mechanisms supported by manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, policies, directives, regulations, and standards specifying appropriate options, levels, and parameters. [SP 800-56A] and [SP 800-57-1] provide guidance on cryptographic key management and key establishment. link 40
NIST_SP_800-53_R4 SC-12 NIST_SP_800-53_R4_SC-12 NIST SP 800-53 Rev. 4 SC-12 System And Communications Protection Cryptographic Key Establishment And Management Shared n/a The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. Supplemental Guidance: Cryptographic key management and establishment can be performed using manual procedures or automated mechanisms with supporting manual procedures. Organizations define key management requirements in accordance with applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance, specifying appropriate options, levels, and parameters. Organizations manage trust stores to ensure that only approved trust anchors are in such trust stores. This includes certificates with visibility external to organizational information systems and certificates related to the internal operations of systems. Related controls: SC-13, SC-17. References: NIST Special Publications 800-56, 800-57. link 40
NIST_SP_800-53_R5 SC-12 NIST_SP_800-53_R5_SC-12 NIST SP 800-53 Rev. 5 SC-12 System and Communications Protection Cryptographic Key Establishment and Management Shared n/a Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction]. link 40
NL_BIO_Cloud_Theme U.05.2(2) NL_BIO_Cloud_Theme_U.05.2(2) NL_BIO_Cloud_Theme_U.05.2(2) U.05 Data protection Cryptographic measures n/a Data stored in the cloud service shall be protected to the latest state of the art with encryption and with a key length sufficient at least for the purpose, whereby the key management is not purchased as a cloud service if possible and is carried out by the CSC itself. 52
NL_BIO_Cloud_Theme U.11.3(2) NL_BIO_Cloud_Theme_U.11.3(2) NL_BIO_Cloud_Theme_U.11.3(2) U.11 Cryptoservices Encrypted n/a Sensitive data (on transport and at rest) is always encrypted, with private keys managed by the CSC. The use of a private key by the CSP is based on a controlled procedure and must be jointly agreed with the CSC organisation. 52
U.05.2 - Cryptographic measures U.05.2 - Cryptographic measures 404 not found n/a n/a 51
U.11.3 - Encrypted U.11.3 - Encrypted 404 not found n/a n/a 51
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: CMMC 2.0 Level 2 4e50fd13-098b-3206-61d6-d1d78205cb45 Regulatory Compliance Preview BuiltIn
Deny or Audit resources without Encryption with a customer-managed key (CMK) Enforce-Encryption-CMK Encryption GA ALZ
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
NL BIO Cloud Theme 6ce73208-883e-490f-a2ac-44aac3b3687f Regulatory Compliance GA BuiltIn
NL BIO Cloud Theme V2 d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-12-11 15:42:52 add 86efb160-8de7-451d-bc08-5d475b0aadae
JSON compare n/a
JSON
api-version=2021-06-01
EPAC