last sync: 2024-Nov-25 18:54:24 UTC

Microsoft Managed Control 1457 - Physical Access Control | Regulatory Compliance - Physical and Environmental Protection

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1457 - Physical Access Control
Id f2d9d3e6-8886-4305-865d-639163e5c305
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Physical and Environmental Protection control
Additional metadata Name/Id: ACF1457 / Microsoft Managed Control 1457
Category: Physical and Environmental Protection
Title: Physical Access Control - Changing Combinations And Keys
Ownership: Microsoft
Description: The organization: Changes combinations and keys Annually and/or when keys are lost, combinations are compromised, or individuals are transferred or terminated.
Requirements: Azure datacenters have procedures to implement in cases when an access badge or key is lost or a person is terminated or transferred. In the event of a termination or transfer, the person’s access is immediately removed from the DCAT system and their access badge removed. This removes any datacenter access the person may have had. DCM teams also perform quarterly access reviews to validate the appropriateness of the datacenter access list in DCAT. Azure does not require the annual re-keying of locks because Azure datacenters do not use physical hard keys as a primary access method to the facility. Microsoft’s policy is that no hard keys may leave the site, and no hard keys are permanently issued into individuals. The primary access methods at Azure datacenters are electronic access badges and biometrics, which allows for immediate revocation of access as required. Azure mitigates the control risks meant to be addressed by requiring annual re-keying through the primary implementation of electronic and biometric access controls, strict assignment of access levels and controlled distribution and management of keys. Additional security controls such as security patrols, video surveillance, and door alarms help mitigate this risk. Use of keys to open doors in lieu of access badge and/or biometrics where required within the datacenters results in a door alarm that requires the Control Room Supervisor to acknowledge the alarm and dispatch a security responder to investigate. If after an investigation a key was determined to be lost, Azure has procedures in place to determine appropriate action commensurate with the risk that the loss of that specific key has. These actions could require the re-keying of a single server rack or door and up to the re-keying of the entire datacenter facility.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC