last sync: 2024-Sep-19 17:51:32 UTC

Microsoft Managed Control 1457 - Physical Access Control | Regulatory Compliance - Physical and Environmental Protection

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1457 - Physical Access Control
Id f2d9d3e6-8886-4305-865d-639163e5c305
Version 1.0.0
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Description Microsoft implements this Physical and Environmental Protection control
Additional metadata Name/Id: ACF1457 / Microsoft Managed Control 1457
Category: Physical and Environmental Protection
Title: Physical Access Control - Changing Combinations And Keys
Ownership: Microsoft
Description: The organization changes combinations and keys annually and/or when keys are lost, combinations are compromised, or individuals are transferred or terminated.
Requirements: Azure datacenters have procedures to implement in cases when an access badge or key is lost or a person is terminated or transferred. In the event of a termination or transfer, the person’s access is immediately removed from the DCAT system and their access badge is removed. This removes any datacenter access the person may have had. DCM teams also perform quarterly access reviews to validate the appropriateness of the datacenter access list in DCAT. Azure does not require the annual re-keying of locks because Azure datacenters do not use physical hard keys as a primary access method to the facility. Microsoft’s policy is that no hard keys may leave the site, and no hard keys are permanently issued to individuals. The primary access methods at Azure datacenters are electronic access badges and biometrics, which allow for immediate revocation of access as required. Azure mitigates the control risks meant to be addressed by requiring annual re-keying through the primary implementation of electronic and biometric access controls, strict assignment of access levels, and controlled distribution and management of keys. Additional security controls such as security patrols, video surveillance, and door alarms help mitigate this risk. Use of keys to open doors in lieu of access badge and/or biometrics where required within the datacenters results in a door alarm that requires the Control Room Supervisor to acknowledge the alarm and dispatch a security responder to investigate. If, after an investigation, a key is determined to be lost, Azure has procedures in place to determine appropriate action commensurate with the risk that the loss of that specific key poses. These actions could range from the re-keying of a single server rack or door up to the re-keying of the entire datacenter facility.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a