Source | Azure Portal
Display name | Microsoft Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation Of Information Flows
Id | d3531453-b869-4606-9122-29c1cd6e7ed1
Version | 1.0.0
Versioning | Versions supported for Versioning: 0 (Built-in Versioning [Preview])
Category | Regulatory Compliance
Description | Microsoft implements this Access Control control

Additional metadata
Name/Id: ACF1030 / Microsoft Managed Control 1030
Category: Access Control
Title: Information Flow Enforcement | Physical / Logical Separation Of Information Flows
Ownership: Customer, Microsoft
Description: The information system separates information flows logically or physically using TLS to accomplish separation of all sessions.
Requirements: Azure logically separates information flows using ACLs. ACLs are the preferred mechanism to restrict network communications by source and destination networks, protocols, and port numbers. Approved mechanisms to implement network-based ACLs include: tiered ACLs on routers managed by Azure Networking, IPSec policies applied to hosts to restrict communications when used in conjunction with tiered ACLs, network firewall rules, and host-based firewall rules. Additionally, Azure separates all information flows logically using user session encryption. TLS ensures the confidentiality and integrity of each flow; only the intended recipient can decrypt information. For data flowing between application components, service teams control input by using an input validation method stipulated by Microsoft's Security Development Lifecycle (SDL) process, further detailed in the CM and SA families of controls. Input validation testing includes regulating data inputs by size, formation, and structure prior to allowing information to reach the underlying database. The backend services and servers receive only pre-validated inputs from the front-end web servers. The backend is not directly accessible, from an application data flow perspective, in any other method.

Mode | Indexed
Type | Static
Preview | False
Deprecated | False
Effect | Fixed audit
RBAC role(s) | none
Rule aliases | none
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups
Compliance | Not a Compliance control
Initiatives usage | none
History | none
JSON compare | n/a
JSON |