Source | Azure Portal | ||
Display name | Microsoft Managed Control 1670 - Flaw Remediation | ||
Id | c6108469-57ee-4666-af7e-79ba61c7ae0c | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this System and Information Integrity control | ||
Additional metadata |
Name/Id: ACF1670 / Microsoft Managed Control 1670
Category: System and Information Integrity
Title: Flaw Remediation - Time Period to Install After Updates Are Released
Ownership: Customer, Microsoft
Description: The organization: Installs security-relevant software and firmware updates within High Risk: 30 days, Moderate Risk: 90 days of the release of the updates; and
Requirements: As noted in Part a, most security updates are required to be installed within thirty (30) days of the notification of the update's availability. C+AI Security requires on occasion an expedited timeline for the application of security updates based on the following criteria:
* Applications or services affected
* Availability of reliable exploit code
* Prevalence of exploit activity
* External regulator requirements, such as a Cybersecurity and Infrastructure Security Agency (CISA) Emergency Directive
Information collected from C+AI Security monitoring efforts or an increase in the risk level faced by Azure servers may be used to expedite remediation of outstanding security vulnerabilities after the original deadline was set. These changes are communicated to the necessary personnel.
Azure uses automated tools to determine whether a required security flaw has been remediated properly and the date of installation of security updates. These tools collect information from each asset and compare it to the requirements defined for each security update or vulnerability ID. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||