| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1198 - Configuration Change Control | Security Representative | ||
| Id | f56be5c3-660b-4c61-9078-f67cf072c356 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Configuration Management control | ||
| Additional metadata |
Name/Id: ACF1198 / Microsoft Managed Control 1198 Category: Configuration Management Title: Configuration Change Control | Security Representative Ownership: Customer, Microsoft Description: The organization requires an information security representative to be a member of the CAB. Requirements: All changes, except pre-approved changes, to the Azure production environment must go through service team committee approval. Each service team has an internal committee with designated roles, and which include representatives from Azure Security; these meet at least monthly or as needed. Servers The C+AI Platform Security baseline team establishes and maintains the configuration baseline standards for operating systems and service network configurations. The baselines are established based on industry standards, including DISA STIGs, CIS, NSA, and various vulnerability library knowledge bases that are configuration related, and through review of security settings baseline experts within C+AI Platform Security including the Security Assurance team and Microsoft Security Response Center and other baseline experts across other Microsoft divisions who participate in the overall Shared Baselines Teams group virtual team. The industry standards and input from baseline experts across Microsoft along with the environment specific considerations and some role specific settings - e.g. domain controller, workgroup server, domain joined server - are used to establish the configuration settings. The Shared Baselines crossgroup includes required representatives from C+AI Platform Security including members from the Security Response Team and the Security Assurance team. Additionally, key participants include members from the incident response team and participants from Microsoft consulting who bring in field experience. Network Devices For network devices, the Azure Network Engineering teams sets the configuration baseline standards for all network devices, using recommended configurations specific to each hardware vendor including applicable STIGs, and makes updates periodically based upon recommendations from the vendor. For each type of device, the Azure Network Engineering teams maintains configuration baselines in Network Device Manager (NDM). Only the Azure Networking team can make changes to configuration baselines for network devices in the Azure environment. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|