| Source | Azure Portal | ||||||||||||||||||||||
| Display name | Microsoft Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection | ||||||||||||||||||||||
| Id | 90b60a09-133d-45bc-86ef-b206a6134bbe | ||||||||||||||||||||||
| Version | 1.0.0 Details on versioning |
||||||||||||||||||||||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||||||||||||||||||||||
| Category | Regulatory Compliance Microsoft Learn |
||||||||||||||||||||||
| Description | Microsoft implements this Audit and Accountability control | ||||||||||||||||||||||
| Additional metadata |
Name/Id: ACF1133 / Microsoft Managed Control 1133 Category: Audit and Accountability Title: Protection Of Audit Information | Cryptographic Protection Ownership: Customer, Microsoft Description: The information system implements cryptographic mechanisms to protect the integrity of audit information and audit tools. Requirements: Azure cryptographically protects all audit log data stored within the Azure Storage accounts used for audit log retention as a native feature of Azure Storage. In addition, Kusto and Jarvis storage is read-only by design, and once logs are ingested and stored, cannot be altered or deleted in any way. Audit tooling is protected in the same method as all other Azure code, via the code signing process as part of the Security Development Lifecycle (SDL) implementation and System Lockdown validation, currently operating in Audit Mode. System Lockdown alerts the affected Azure service team when unsigned code is installed and run within Azure. When Enforcement Mode is activated, System Lockdown will block unsigned code. |
||||||||||||||||||||||
| Mode | Indexed | ||||||||||||||||||||||
| Type | Static | ||||||||||||||||||||||
| Preview | False | ||||||||||||||||||||||
| Deprecated | False | ||||||||||||||||||||||
| Effect | Fixed audit |
||||||||||||||||||||||
| RBAC role(s) | none | ||||||||||||||||||||||
| Rule aliases | none | ||||||||||||||||||||||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||||||||||||||||||||||
| Compliance |
The following 1 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection' (90b60a09-133d-45bc-86ef-b206a6134bbe)
| ||||||||||||||||||||||
| Initiatives usage |
|
||||||||||||||||||||||
| History | none | ||||||||||||||||||||||
| JSON compare | n/a | ||||||||||||||||||||||
| JSON |
|