Source | Azure Portal | ||
Display name | Microsoft Managed Control 1619 - Information In Shared Resources | ||
Id | c722e569-cb52-45f3-a643-836547d016e1 | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this System and Communications Protection control | ||
Additional metadata |
Name/Id: ACF1619 / Microsoft Managed Control 1619
Category: System and Communications Protection
Title: Information In Shared Resources
Ownership: Customer, Microsoft
Description: The information system prevents unauthorized and unintended information transfer via shared system resources.
Requirements: In order to transfer residual information on an Azure asset, the user must first access the asset. Azure prevents unauthorized and unintended information transfer by implementing several technical controls within the network, including isolation via VLANs and Network Security Groups (NSGs), and implementing strict flow control via ACLs to Azure from other internal Microsoft networks and from the internet. Strong access controls including multifactor authentication, JIT, and usage of security groups limit any unauthorized or unintended transfer of information through shared resources at an access control level. Azure performs logging and monitoring on all assets as a detective measure as well. Azure follows strict standards for overwriting storage resources before their reuse or the physical destruction of decommissioned hardware. Azure executes a complete deletion of data on customer request and on contract termination. Protection of Virtual Machines (VMs) is provided by hypervisor isolation of the Root OS from the Guest OS and the Guest OS from one another. The hypervisor acts like a micro-kernel and passes all hardware access requests from the Guest OS to the Root OS for processing using a shared-memory interface. This prevents users from obtaining raw read/write/execute access to the system and mitigates the risk of sharing system resources. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||