Details of the NIST SP 800-53 R4 Regulatory Compliance built-in initiative

The following article details how the Azure Policy Regulatory Compliance built-in initiative definition maps to compliance domains and controls in NIST SP 800-53 R4. For more information about this compliance standard, see NIST SP 800-53 R4. To understand Ownership, see Azure Policy policy definition and Shared responsibility in the cloud.

The following mappings are to the NIST SP 800-53 R4 controls. Many of the controls are implemented with an Azure Policy initiative definition. To review the complete initiative definition, open Policy in the Azure portal and select the Definitions page. Then, find and select the NIST SP 800-53 R4 Regulatory Compliance built-in initiative definition.

This built-in initiative is deployed as part of the NIST SP 800-53 R4 blueprint sample.

Important

Each control below is associated with one or more Azure Policy definitions. These policies may help you assess compliance with the control; however, there often is not a 1:1 or complete match between a control and one or more policies. As such, Compliant in Azure Policy refers only to the policy definitions themselves; this doesn't ensure you're fully compliant with all requirements of a control. In addition, the compliance standard includes controls that aren't addressed by any Azure Policy definitions at this time. Therefore, compliance in Azure Policy is only a partial view of your overall compliance status. The associations between compliance domains, controls, and Azure Policy definitions for this compliance standard may change over time. To view the change history, see the GitHub Commit History.

Access Control

Access Control Policy and Procedures

ID: NIST SP 800-53 R4 AC-1 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1000 - Access Control Policy And Procedures | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1001 - Access Control Policy And Procedures | Microsoft implements this Access Control control | audit | 1.0.0 |

Account Management

ID: NIST SP 800-53 R4 AC-2 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Deprecated accounts should be removed from your subscription | Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in. | AuditIfNotExists, Disabled | 1.0.0 |
| Deprecated accounts with owner permissions should be removed from your subscription | Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in. | AuditIfNotExists, Disabled | 1.0.0 |
| External accounts with owner permissions should be removed from your subscription | External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access. | AuditIfNotExists, Disabled | 1.0.0 |
| External accounts with read permissions should be removed from your subscription | External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access. | AuditIfNotExists, Disabled | 1.0.0 |
| External accounts with write permissions should be removed from your subscription | External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access. | AuditIfNotExists, Disabled | 1.0.0 |
| Microsoft Managed Control 1002 - Account Management | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1003 - Account Management | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1004 - Account Management | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1005 - Account Management | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1006 - Account Management | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1007 - Account Management | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1008 - Account Management | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1009 - Account Management | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1010 - Account Management | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1011 - Account Management | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1012 - Account Management | Microsoft implements this Access Control control | audit | 1.0.0 |

Account Management | Automated System Account Management

ID: NIST SP 800-53 R4 AC-2 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1013 - Account Management \| Automated System Account Management | Microsoft implements this Access Control control | audit | 1.0.0 |

Account Management | Removal of Temporary / Emergency Accounts

ID: NIST SP 800-53 R4 AC-2 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1014 - Account Management \| Removal Of Temporary / Emergency Accounts | Microsoft implements this Access Control control | audit | 1.0.0 |

Account Management | Disable Inactive Accounts

ID: NIST SP 800-53 R4 AC-2 (3) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1015 - Account Management \| Disable Inactive Accounts | Microsoft implements this Access Control control | audit | 1.0.0 |

Account Management | Automated Audit Actions

ID: NIST SP 800-53 R4 AC-2 (4) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1016 - Account Management \| Automated Audit Actions | Microsoft implements this Access Control control | audit | 1.0.0 |

Account Management | Inactivity Logout

ID: NIST SP 800-53 R4 AC-2 (5) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1017 - Account Management \| Inactivity Logout | Microsoft implements this Access Control control | audit | 1.0.0 |

Account Management | Role-Based Schemes

ID: NIST SP 800-53 R4 AC-2 (7) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| An Azure Active Directory administrator should be provisioned for SQL servers | Audit provisioning of an Azure Active Directory administrator for your SQL server to enable Azure AD authentication. Azure AD authentication enables simplified permission management and centralized identity management of database users and other Microsoft services | AuditIfNotExists, Disabled | 1.0.0 |
| Audit usage of custom RBAC rules | Audit built-in roles such as 'Owner, Contributor, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling | Audit, Disabled | 1.0.0 |
| Microsoft Managed Control 1018 - Account Management \| Role-Based Schemes | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1019 - Account Management \| Role-Based Schemes | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1020 - Account Management \| Role-Based Schemes | Microsoft implements this Access Control control | audit | 1.0.0 |
| Service Fabric clusters should only use Azure Active Directory for client authentication | Audit usage of client authentication only via Azure Active Directory in Service Fabric | Audit, Deny, Disabled | 1.1.0 |

Account Management | Restrictions on Use of Shared / Group Accounts

ID: NIST SP 800-53 R4 AC-2 (9) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1021 - Account Management \| Restrictions On Use Of Shared / Group Accounts | Microsoft implements this Access Control control | audit | 1.0.0 |

Account Management | Shared / Group Account Credential Termination

ID: NIST SP 800-53 R4 AC-2 (10) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1022 - Account Management \| Shared / Group Account Credential Termination | Microsoft implements this Access Control control | audit | 1.0.0 |

Account Management | Usage Conditions

ID: NIST SP 800-53 R4 AC-2 (11) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1023 - Account Management \| Usage Conditions | Microsoft implements this Access Control control | audit | 1.0.0 |

Account Management | Account Monitoring / Atypical Usage

ID: NIST SP 800-53 R4 AC-2 (12) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Management ports of virtual machines should be protected with just-in-time network access control | Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations | AuditIfNotExists, Disabled | 1.0.1 |
| Microsoft Managed Control 1024 - Account Management \| Account Monitoring / Atypical Usage | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1025 - Account Management \| Account Monitoring / Atypical Usage | Microsoft implements this Access Control control | audit | 1.0.0 |

Account Management | Disable Accounts for High-Risk Individuals

ID: NIST SP 800-53 R4 AC-2 (13) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1026 - Account Management \| Disable Accounts For High-Risk Individuals | Microsoft implements this Access Control control | audit | 1.0.0 |

Access Enforcement

ID: NIST SP 800-53 R4 AC-3 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1027 - Access Enforcement | Microsoft implements this Access Control control | audit | 1.0.0 |

Information Flow Enforcement

ID: NIST SP 800-53 R4 AC-4 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| CORS should not allow every resource to access your Web Applications | Cross-Origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app. | AuditIfNotExists, Disabled | 1.0.0 |
| Microsoft Managed Control 1028 - Information Flow Enforcement | Microsoft implements this Access Control control | audit | 1.0.0 |

Information Flow Enforcement | Security Policy Filters

ID: NIST SP 800-53 R4 AC-4 (8) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1029 - Information Flow Enforcement \| Security Policy Filters | Microsoft implements this Access Control control | audit | 1.0.0 |

Information Flow Enforcement | Physical / Logical Separation of Information Flows

ID: NIST SP 800-53 R4 AC-4 (21) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1030 - Information Flow Enforcement \| Physical / Logical Separation Of Information Flows | Microsoft implements this Access Control control | audit | 1.0.0 |

Separation of Duties

ID: NIST SP 800-53 R4 AC-5 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| A maximum of 3 owners should be designated for your subscription | It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner. | AuditIfNotExists, Disabled | 1.0.0 |
| Deploy prerequisites to audit Windows VMs in which the Administrators group contains any of the specified members | This policy creates a Guest Configuration assignment to audit Windows virtual machines in which the Administrators group contains any of the specified members. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol | deployIfNotExists | 1.2.0 |
| Deploy prerequisites to audit Windows VMs in which the Administrators group does not contain all of the specified members | This policy creates a Guest Configuration assignment to audit Windows virtual machines in which the Administrators group does not contain all of the specified members. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol | deployIfNotExists | 1.2.0 |
| Microsoft Managed Control 1031 - Separation Of Duties | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1032 - Separation Of Duties | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1033 - Separation Of Duties | Microsoft implements this Access Control control | audit | 1.0.0 |
| Show audit results from Windows VMs in which the Administrators group contains any of the specified members | This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines in which the Administrators group contains any of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol | auditIfNotExists | 1.0.0 |
| Show audit results from Windows VMs in which the Administrators group does not contain all of the specified members | This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines in which the Administrators group does not contain all of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol | auditIfNotExists | 1.0.0 |
| There should be more than one owner assigned to your subscription | It is recommended to designate more than one subscription owner in order to have administrator access redundancy. | AuditIfNotExists, Disabled | 1.0.0 |

Least Privilege

ID: NIST SP 800-53 R4 AC-6 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1034 - Least Privilege | Microsoft implements this Access Control control | audit | 1.0.0 |

Least Privilege | Authorize Access to Security Functions

ID: NIST SP 800-53 R4 AC-6 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1035 - Least Privilege \| Authorize Access To Security Functions | Microsoft implements this Access Control control | audit | 1.0.0 |

Least Privilege | Non-Privileged Access for Nonsecurity Functions

ID: NIST SP 800-53 R4 AC-6 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1036 - Least Privilege \| Non-Privileged Access For Nonsecurity Functions | Microsoft implements this Access Control control | audit | 1.0.0 |

Least Privilege | Network Access to Privileged Commands

ID: NIST SP 800-53 R4 AC-6 (3) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1037 - Least Privilege \| Network Access To Privileged Commands | Microsoft implements this Access Control control | audit | 1.0.0 |

Least Privilege | Privileged Accounts

ID: NIST SP 800-53 R4 AC-6 (5) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1038 - Least Privilege \| Privileged Accounts | Microsoft implements this Access Control control | audit | 1.0.0 |

Least Privilege | Review of User Privileges

ID: NIST SP 800-53 R4 AC-6 (7) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| A maximum of 3 owners should be designated for your subscription | It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner. | AuditIfNotExists, Disabled | 1.0.0 |
| Deploy prerequisites to audit Windows VMs in which the Administrators group contains any of the specified members | This policy creates a Guest Configuration assignment to audit Windows virtual machines in which the Administrators group contains any of the specified members. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol | deployIfNotExists | 1.2.0 |
| Deploy prerequisites to audit Windows VMs in which the Administrators group does not contain all of the specified members | This policy creates a Guest Configuration assignment to audit Windows virtual machines in which the Administrators group does not contain all of the specified members. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol | deployIfNotExists | 1.2.0 |
| Microsoft Managed Control 1039 - Least Privilege \| Review Of User Privileges | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1040 - Least Privilege \| Review Of User Privileges | Microsoft implements this Access Control control | audit | 1.0.0 |
| Show audit results from Windows VMs in which the Administrators group contains any of the specified members | This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines in which the Administrators group contains any of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol | auditIfNotExists | 1.0.0 |
| Show audit results from Windows VMs in which the Administrators group does not contain all of the specified members | This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines in which the Administrators group does not contain all of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol | auditIfNotExists | 1.0.0 |
| There should be more than one owner assigned to your subscription | It is recommended to designate more than one subscription owner in order to have administrator access redundancy. | AuditIfNotExists, Disabled | 1.0.0 |

Least Privilege | Privilege Levels for Code Execution

ID: NIST SP 800-53 R4 AC-6 (8) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1041 - Least Privilege \| Privilege Levels For Code Execution | Microsoft implements this Access Control control | audit | 1.0.0 |

Least Privilege | Auditing Use of Privileged Functions

ID: NIST SP 800-53 R4 AC-6 (9) Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1042 - Least Privilege \| Auditing Use Of Privileged Functions | Microsoft implements this Access Control control | audit | 1.0.0 |

Least Privilege | Prohibit Non-Privileged Users From Executing Privileged Functions

ID: NIST SP 800-53 R4 AC-6 (10) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1043 - Least Privilege \| Prohibit Non-Privileged Users From Executing Privileged Functions | Microsoft implements this Access Control control | audit | 1.0.0 |

Unsuccessful Logon Attempts

ID: NIST SP 800-53 R4 AC-7 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1044 - Unsuccessful Logon Attempts | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1045 - Unsuccessful Logon Attempts | Microsoft implements this Access Control control | audit | 1.0.0 |

Unsuccessful Logon Attempts | Purge / Wipe Mobile Device

ID: NIST SP 800-53 R4 AC-7 (2) Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1046 - Automatic Account Lock \| Purge / Wipe Mobile Device | Microsoft implements this Access Control control | audit | 1.0.0 |

System Use Notification

ID: NIST SP 800-53 R4 AC-8 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1047 - System Use Notification | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1048 - System Use Notification | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1049 - System Use Notification | Microsoft implements this Access Control control | audit | 1.0.0 |

Concurrent Session Control

ID: NIST SP 800-53 R4 AC-10 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1050 - Concurrent Session Control | Microsoft implements this Access Control control | audit | 1.0.0 |

Session Lock

ID: NIST SP 800-53 R4 AC-11 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1051 - Session Lock | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1052 - Session Lock | Microsoft implements this Access Control control | audit | 1.0.0 |

Session Lock | Pattern-Hiding Displays

ID: NIST SP 800-53 R4 AC-11 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1053 - Session Lock \| Pattern-Hiding Displays | Microsoft implements this Access Control control | audit | 1.0.0 |

Session Termination

ID: NIST SP 800-53 R4 AC-12 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1054 - Session Termination | Microsoft implements this Access Control control | audit | 1.0.0 |

Session Termination | User-Initiated Logouts / Message Displays

ID: NIST SP 800-53 R4 AC-12 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1055 - Session Termination \| User-Initiated Logouts / Message Displays | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1056 - Session Termination \| User-Initiated Logouts / Message Displays | Microsoft implements this Access Control control | audit | 1.0.0 |

Permitted Actions Without Identification or Authentication

ID: NIST SP 800-53 R4 AC-14 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1057 - Permitted Actions Without Identification Or Authentication | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1058 - Permitted Actions Without Identification Or Authentication | Microsoft implements this Access Control control | audit | 1.0.0 |

Security Attributes

ID: NIST SP 800-53 R4 AC-16 Ownership: Customer

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Advanced data security should be enabled on SQL Managed Instance | Audit each SQL Managed Instance without advanced data security. | AuditIfNotExists, Disabled | 1.0.1 |
| Advanced data security should be enabled on your SQL servers | Audit SQL servers without Advanced Data Security | AuditIfNotExists, Disabled | 1.0.0 |

Remote Access

ID: NIST SP 800-53 R4 AC-17 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1059 - Remote Access | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1060 - Remote Access | Microsoft implements this Access Control control | audit | 1.0.0 |

Remote Access | Automated Monitoring / Control

ID: NIST SP 800-53 R4 AC-17 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords | This policy creates a Guest Configuration assignment to audit Linux virtual machines that allow remote connections from accounts without passwords. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol | deployIfNotExists | 3.0.0 |
| Microsoft Managed Control 1061 - Remote Access \| Automated Monitoring / Control | Microsoft implements this Access Control control | audit | 1.0.0 |
| Remote debugging should be turned off for API Apps | Remote debugging requires inbound ports to be opened on API apps. Remote debugging should be turned off. | AuditIfNotExists, Disabled | 1.0.0 |
| Remote debugging should be turned off for Function Apps | Remote debugging requires inbound ports to be opened on function apps. Remote debugging should be turned off. | AuditIfNotExists, Disabled | 1.0.0 |
| Remote debugging should be turned off for Web Applications | Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off. | AuditIfNotExists, Disabled | 1.0.0 |
| Show audit results from Linux VMs that allow remote connections from accounts without passwords | This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that allow remote connections from accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol | auditIfNotExists | 3.0.0 |
| Storage accounts should restrict network access | Network access to storage accounts should be restricted. Configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premise clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges | Audit, Deny, Disabled | 1.1.0 |

Remote Access | Protection of Confidentiality / Integrity Using Encryption

ID: NIST SP 800-53 R4 AC-17 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1062 - Remote Access \| Protection Of Confidentiality / Integrity Using Encryption | Microsoft implements this Access Control control | audit | 1.0.0 |

Remote Access | Managed Access Control Points

ID: NIST SP 800-53 R4 AC-17 (3) Ownership: Customer

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1063 - Remote Access \| Managed Access Control Points | Microsoft implements this Access Control control | audit | 1.0.0 |

Remote Access | Privileged Commands / Access

ID: NIST SP 800-53 R4 AC-17 (4) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1064 - Remote Access \| Privileged Commands / Access | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1065 - Remote Access \| Privileged Commands / Access | Microsoft implements this Access Control control | audit | 1.0.0 |

Remote Access | Disconnect / Disable Access

ID: NIST SP 800-53 R4 AC-17 (9) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1066 - Remote Access \| Disconnect / Disable Access | Microsoft implements this Access Control control | audit | 1.0.0 |

Wireless Access

ID: NIST SP 800-53 R4 AC-18 Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1067 - Wireless Access | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1068 - Wireless Access | Microsoft implements this Access Control control | audit | 1.0.0 |

Wireless Access | Authentication and Encryption

ID: NIST SP 800-53 R4 AC-18 (1) Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1069 - Wireless Access \| Authentication And Encryption | Microsoft implements this Access Control control | audit | 1.0.0 |

Wireless Access | Disable Wireless Networking

ID: NIST SP 800-53 R4 AC-18 (3) Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1070 - Wireless Access \| Disable Wireless Networking | Microsoft implements this Access Control control | audit | 1.0.0 |

Wireless Access | Restrict Configurations by Users

ID: NIST SP 800-53 R4 AC-18 (4) Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1071 - Wireless Access \| Restrict Configurations By Users | Microsoft implements this Access Control control | audit | 1.0.0 |

Wireless Access | Antennas / Transmission Power Levels

ID: NIST SP 800-53 R4 AC-18 (5) Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1072 - Wireless Access \| Antennas / Transmission Power Levels | Microsoft implements this Access Control control | audit | 1.0.0 |

Access Control for Mobile Devices

ID: NIST SP 800-53 R4 AC-19 Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1073 - Access Control For Mobile Devices | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1074 - Access Control For Mobile Devices | Microsoft implements this Access Control control | audit | 1.0.0 |

Access Control for Mobile Devices | Full Device / Container-Based Encryption

ID: NIST SP 800-53 R4 AC-19 (5) Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1075 - Access Control For Mobile Devices \| Full Device / Container-Based Encryption | Microsoft implements this Access Control control | audit | 1.0.0 |

Use of External Information Systems

ID: NIST SP 800-53 R4 AC-20 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1076 - Use Of External Information Systems | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1077 - Use Of External Information Systems | Microsoft implements this Access Control control | audit | 1.0.0 |

Use of External Information Systems | Limits on Authorized Use

ID: NIST SP 800-53 R4 AC-20 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1078 - Use Of External Information Systems \| Limits On Authorized Use | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1079 - Use Of External Information Systems \| Limits On Authorized Use | Microsoft implements this Access Control control | audit | 1.0.0 |

Use of External Information Systems | Portable Storage Devices

ID: NIST SP 800-53 R4 AC-20 (2) Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1080 - Use Of External Information Systems \| Portable Storage Devices | Microsoft implements this Access Control control | audit | 1.0.0 |

Information Sharing

ID: NIST SP 800-53 R4 AC-21 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1081 - Information Sharing | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1082 - Information Sharing | Microsoft implements this Access Control control | audit | 1.0.0 |

Publicly Accessible Content

ID: NIST SP 800-53 R4 AC-22 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Microsoft Managed Control 1083 - Publicly Accessible Content | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1084 - Publicly Accessible Content | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1085 - Publicly Accessible Content | Microsoft implements this Access Control control | audit | 1.0.0 |
| Microsoft Managed Control 1086 - Publicly Accessible Content | Microsoft implements this Access Control control | audit | 1.0.0 |

Awareness and Training

Security Awareness and Training Policy and Procedures

ID: NIST SP 800-53 R4 AT-1 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1087 - Security Awareness And Training Policy And Procedures | Microsoft implements this Awareness and Training control | audit | 1.0.0 |
| Microsoft Managed Control 1088 - Security Awareness And Training Policy And Procedures | Microsoft implements this Awareness and Training control | audit | 1.0.0 |

Security Awareness Training

ID: NIST SP 800-53 R4 AT-2 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1089 - Security Awareness Training | Microsoft implements this Awareness and Training control | audit | 1.0.0 |
| Microsoft Managed Control 1090 - Security Awareness Training | Microsoft implements this Awareness and Training control | audit | 1.0.0 |
| Microsoft Managed Control 1091 - Security Awareness Training | Microsoft implements this Awareness and Training control | audit | 1.0.0 |

Security Awareness Training | Insider Threat

ID: NIST SP 800-53 R4 AT-2 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1092 - Security Awareness Training \| Insider Threat | Microsoft implements this Awareness and Training control | audit | 1.0.0 |

Role-Based Security Training

ID: NIST SP 800-53 R4 AT-3 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1093 - Role-Based Security Training | Microsoft implements this Awareness and Training control | audit | 1.0.0 |
| Microsoft Managed Control 1094 - Role-Based Security Training | Microsoft implements this Awareness and Training control | audit | 1.0.0 |
| Microsoft Managed Control 1095 - Role-Based Security Training | Microsoft implements this Awareness and Training control | audit | 1.0.0 |

Role-Based Security Training | Practical Exercises

ID: NIST SP 800-53 R4 AT-3 (3) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1096 - Role-Based Security Training \| Practical Exercises | Microsoft implements this Awareness and Training control | audit | 1.0.0 |

Role-Based Security Training | Suspicious Communications and Anomalous System Behavior

ID: NIST SP 800-53 R4 AT-3 (4) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1097 - Role-Based Security Training \| Suspicious Communications And Anomalous System Behavior | Microsoft implements this Awareness and Training control | audit | 1.0.0 |

Security Training Records

ID: NIST SP 800-53 R4 AT-4 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1098 - Security Training Records | Microsoft implements this Awareness and Training control | audit | 1.0.0 |
| Microsoft Managed Control 1099 - Security Training Records | Microsoft implements this Awareness and Training control | audit | 1.0.0 |

Audit and Accountability

Audit and Accountability Policy and Procedures

ID: NIST SP 800-53 R4 AU-1 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1100 - Audit And Accountability Policy And Procedures | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |
| Microsoft Managed Control 1101 - Audit And Accountability Policy And Procedures | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Events

ID: NIST SP 800-53 R4 AU-2 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1102 - Audit Events | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |
| Microsoft Managed Control 1103 - Audit Events | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |
| Microsoft Managed Control 1104 - Audit Events | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |
| Microsoft Managed Control 1105 - Audit Events | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Events | Reviews and Updates

ID: NIST SP 800-53 R4 AU-2 (3) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1106 - Audit Events \| Reviews And Updates | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Content of Audit Records

ID: NIST SP 800-53 R4 AU-3 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1107 - Content Of Audit Records | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Content of Audit Records | Additional Audit Information

ID: NIST SP 800-53 R4 AU-3 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1108 - Content Of Audit Records \| Additional Audit Information | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Content of Audit Records | Centralized Management of Planned Audit Record Content

ID: NIST SP 800-53 R4 AU-3 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| [Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted | Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. | auditIfNotExists | 1.0.0-preview |
| Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted | Reports virtual machine scale sets as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. | auditIfNotExists | 1.0.1 |
| Audit Log Analytics workspace for VM - Report Mismatch | Reports VMs as non-compliant if they aren't logging to the Log Analytics workspace specified in the policy/initiative assignment. | audit | 1.0.1 |
| Microsoft Managed Control 1109 - Content Of Audit Records \| Centralized Management Of Planned Audit Record Content | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Storage Capacity

ID: NIST SP 800-53 R4 AU-4 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1110 - Audit Storage Capacity | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Response to Audit Processing Failures

ID: NIST SP 800-53 R4 AU-5 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Advanced data security should be enabled on SQL Managed Instance | Audit each SQL Managed Instance without advanced data security. | AuditIfNotExists, Disabled | 1.0.1 |
| Advanced data security should be enabled on your SQL servers | Audit SQL servers without Advanced Data Security | AuditIfNotExists, Disabled | 1.0.0 |
| Audit diagnostic setting | Audit diagnostic setting for selected resource types | AuditIfNotExists | 1.0.0 |
| Auditing on SQL server should be enabled | Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. | AuditIfNotExists, Disabled | 1.0.0 |
| Microsoft Managed Control 1111 - Response To Audit Processing Failures | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |
| Microsoft Managed Control 1112 - Response To Audit Processing Failures | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Response to Audit Processing Failures | Audit Storage Capacity

ID: NIST SP 800-53 R4 AU-5 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1113 - Response To Audit Processing Failures \| Audit Storage Capacity | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Response to Audit Processing Failures | Real-Time Alerts

ID: NIST SP 800-53 R4 AU-5 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1114 - Response To Audit Processing Failures \| Real-Time Alerts | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Review, Analysis, and Reporting

ID: NIST SP 800-53 R4 AU-6 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1115 - Audit Review, Analysis, And Reporting | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |
| Microsoft Managed Control 1116 - Audit Review, Analysis, And Reporting | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Review, Analysis, and Reporting | Process Integration

ID: NIST SP 800-53 R4 AU-6 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1117 - Audit Review, Analysis, And Reporting \| Process Integration | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Review, Analysis, and Reporting | Correlate Audit Repositories

ID: NIST SP 800-53 R4 AU-6 (3) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1118 - Audit Review, Analysis, And Reporting \| Correlate Audit Repositories | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Review, Analysis, and Reporting | Central Review and Analysis

ID: NIST SP 800-53 R4 AU-6 (4) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| [Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted | Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. | auditIfNotExists | 1.0.0-preview |
| Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted | Reports virtual machine scale sets as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. | auditIfNotExists | 1.0.1 |
| Audit Log Analytics workspace for VM - Report Mismatch | Reports VMs as non-compliant if they aren't logging to the Log Analytics workspace specified in the policy/initiative assignment. | audit | 1.0.1 |
| Microsoft Managed Control 1119 - Audit Review, Analysis, And Reporting \| Central Review And Analysis | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Review, Analysis, and Reporting | Integration / Scanning and Monitoring Capabilities

ID: NIST SP 800-53 R4 AU-6 (5) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1120 - Audit Review, Analysis, And Reporting \| Integration / Scanning And Monitoring Capabilities | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Review, Analysis, and Reporting | Correlation With Physical Monitoring

ID: NIST SP 800-53 R4 AU-6 (6) Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1121 - Audit Review, Analysis, And Reporting \| Correlation With Physical Monitoring | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Review, Analysis, and Reporting | Permitted Actions

ID: NIST SP 800-53 R4 AU-6 (7) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1122 - Audit Review, Analysis, And Reporting \| Permitted Actions | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Review, Analysis, and Reporting | Audit Level Adjustment

ID: NIST SP 800-53 R4 AU-6 (10) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1123 - Audit Review, Analysis, And Reporting \| Audit Level Adjustment | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Reduction and Report Generation

ID: NIST SP 800-53 R4 AU-7 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1124 - Audit Reduction And Report Generation | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |
| Microsoft Managed Control 1125 - Audit Reduction And Report Generation | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Reduction and Report Generation | Automatic Processing

ID: NIST SP 800-53 R4 AU-7 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1126 - Audit Reduction And Report Generation \| Automatic Processing | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Time Stamps

ID: NIST SP 800-53 R4 AU-8 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1127 - Time Stamps | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |
| Microsoft Managed Control 1128 - Time Stamps | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Time Stamps | Synchronization With Authoritative Time Source

ID: NIST SP 800-53 R4 AU-8 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1129 - Time Stamps \| Synchronization With Authoritative Time Source | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |
| Microsoft Managed Control 1130 - Time Stamps \| Synchronization With Authoritative Time Source | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Protection of Audit Information

ID: NIST SP 800-53 R4 AU-9 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1131 - Protection Of Audit Information | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Protection of Audit Information | Audit Backup on Separate Physical Systems / Components

ID: NIST SP 800-53 R4 AU-9 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1132 - Protection Of Audit Information \| Audit Backup On Separate Physical Systems / Components | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Protection of Audit Information | Cryptographic Protection

ID: NIST SP 800-53 R4 AU-9 (3) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1133 - Protection Of Audit Information \| Cryptographic Protection | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Protection of Audit Information | Access by Subset of Privileged Users

ID: NIST SP 800-53 R4 AU-9 (4) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1134 - Protection Of Audit Information \| Access By Subset Of Privileged Users | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Non-Repudiation

ID: NIST SP 800-53 R4 AU-10 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1135 - Non-Repudiation | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Record Retention

ID: NIST SP 800-53 R4 AU-11 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1136 - Audit Record Retention | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Generation

ID: NIST SP 800-53 R4 AU-12 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| [Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted | Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. | auditIfNotExists | 1.0.0-preview |
| Advanced data security should be enabled on SQL Managed Instance | Audit each SQL Managed Instance without advanced data security. | AuditIfNotExists, Disabled | 1.0.1 |
| Advanced data security should be enabled on your SQL servers | Audit SQL servers without Advanced Data Security | AuditIfNotExists, Disabled | 1.0.0 |
| Audit diagnostic setting | Audit diagnostic setting for selected resource types | AuditIfNotExists | 1.0.0 |
| Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted | Reports virtual machine scale sets as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. | auditIfNotExists | 1.0.1 |
| Audit Log Analytics workspace for VM - Report Mismatch | Reports VMs as non-compliant if they aren't logging to the Log Analytics workspace specified in the policy/initiative assignment. | audit | 1.0.1 |
| Auditing on SQL server should be enabled | Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. | AuditIfNotExists, Disabled | 1.0.0 |
| Microsoft Managed Control 1137 - Audit Generation | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |
| Microsoft Managed Control 1138 - Audit Generation | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |
| Microsoft Managed Control 1139 - Audit Generation | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Generation | System-Wide / Time-Correlated Audit Trail

ID: NIST SP 800-53 R4 AU-12 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1140 - Audit Generation \| System-Wide / Time-Correlated Audit Trail | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Audit Generation | Changes by Authorized Individuals

ID: NIST SP 800-53 R4 AU-12 (3) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1141 - Audit Generation \| Changes By Authorized Individuals | Microsoft implements this Audit and Accountability control | audit | 1.0.0 |

Security Assessment and Authorization

Security Assessment and Authorization Policy and Procedures

ID: NIST SP 800-53 R4 CA-1 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1142 - Security Assessment And Authorization Policy And Procedures | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1143 - Security Assessment And Authorization Policy And Procedures | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

Security Assessments

ID: NIST SP 800-53 R4 CA-2 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1144 - Security Assessments | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1145 - Security Assessments | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1146 - Security Assessments | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1147 - Security Assessments | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

Security Assessments | Independent Assessors

ID: NIST SP 800-53 R4 CA-2 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1148 - Security Assessments \| Independent Assessors | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

Security Assessments | Specialized Assessments

ID: NIST SP 800-53 R4 CA-2 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1149 - Security Assessments \| Specialized Assessments | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

Security Assessments | External Organizations

ID: NIST SP 800-53 R4 CA-2 (3) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1150 - Security Assessments \| External Organizations | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

System Interconnections

ID: NIST SP 800-53 R4 CA-3 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1151 - System Interconnections | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1152 - System Interconnections | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1153 - System Interconnections | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

System Interconnections | Unclassified Non-National Security System Connections

ID: NIST SP 800-53 R4 CA-3 (3) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1154 - System Interconnections \| Unclassified Non-National Security System Connections | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

System Interconnections | Restrictions on External System Connections

ID: NIST SP 800-53 R4 CA-3 (5) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1155 - System Interconnections \| Restrictions On External System Connections | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

Plan of Action and Milestones

ID: NIST SP 800-53 R4 CA-5 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1156 - Plan Of Action And Milestones | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1157 - Plan Of Action And Milestones | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

Security Authorization

ID: NIST SP 800-53 R4 CA-6 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1158 - Security Authorization | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1159 - Security Authorization | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1160 - Security Authorization | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

Continuous Monitoring

ID: NIST SP 800-53 R4 CA-7 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1161 - Continuous Monitoring | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1162 - Continuous Monitoring | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1163 - Continuous Monitoring | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1164 - Continuous Monitoring | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1165 - Continuous Monitoring | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1166 - Continuous Monitoring | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1167 - Continuous Monitoring | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

Continuous Monitoring | Independent Assessment

ID: NIST SP 800-53 R4 CA-7 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1168 - Continuous Monitoring \| Independent Assessment | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

Continuous Monitoring | Trend Analyses

ID: NIST SP 800-53 R4 CA-7 (3) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1169 - Continuous Monitoring \| Trend Analyses | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

Penetration Testing

ID: NIST SP 800-53 R4 CA-8 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1170 - Penetration Testing | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

Penetration Testing | Independent Penetration Agent or Team

ID: NIST SP 800-53 R4 CA-8 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1171 - Penetration Testing \| Independent Penetration Agent Or Team | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

Internal System Connections

ID: NIST SP 800-53 R4 CA-9 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1172 - Internal System Connections | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |
| Microsoft Managed Control 1173 - Internal System Connections | Microsoft implements this Security Assessment and Authorization control | audit | 1.0.0 |

Configuration Management

Configuration Management Policy and Procedures

ID: NIST SP 800-53 R4 CM-1 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1174 - Configuration Management Policy And Procedures | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1175 - Configuration Management Policy And Procedures | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Baseline Configuration

ID: NIST SP 800-53 R4 CM-2 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1176 - Baseline Configuration | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Baseline Configuration | Reviews and Updates

ID: NIST SP 800-53 R4 CM-2 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1177 - Baseline Configuration \| Reviews And Updates | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1178 - Baseline Configuration \| Reviews And Updates | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1179 - Baseline Configuration \| Reviews And Updates | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Baseline Configuration | Automation Support for Accuracy / Currency

ID: NIST SP 800-53 R4 CM-2 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1180 - Baseline Configuration \| Automation Support For Accuracy / Currency | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Baseline Configuration | Retention of Previous Configurations

ID: NIST SP 800-53 R4 CM-2 (3) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1181 - Baseline Configuration \| Retention Of Previous Configurations | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Baseline Configuration | Configure Systems, Components, or Devices for High-Risk Areas

ID: NIST SP 800-53 R4 CM-2 (7) Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1182 - Baseline Configuration \| Configure Systems, Components, Or Devices For High-Risk Areas | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1183 - Baseline Configuration \| Configure Systems, Components, Or Devices For High-Risk Areas | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Configuration Change Control

ID: NIST SP 800-53 R4 CM-3 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1184 - Configuration Change Control | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1185 - Configuration Change Control | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1186 - Configuration Change Control | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1187 - Configuration Change Control | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1188 - Configuration Change Control | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1189 - Configuration Change Control | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1190 - Configuration Change Control | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Configuration Change Control | Automated Document / Notification / Prohibition of Changes

ID: NIST SP 800-53 R4 CM-3 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1191 - Configuration Change Control \| Automated Document / Notification / Prohibition Of Changes | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1192 - Configuration Change Control \| Automated Document / Notification / Prohibition Of Changes | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1193 - Configuration Change Control \| Automated Document / Notification / Prohibition Of Changes | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1194 - Configuration Change Control \| Automated Document / Notification / Prohibition Of Changes | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1195 - Configuration Change Control \| Automated Document / Notification / Prohibition Of Changes | Microsoft implements this Configuration Management control | audit | 1.0.0 |
| Microsoft Managed Control 1196 - Configuration Change Control \| Automated Document / Notification / Prohibition Of Changes | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Configuration Change Control | Test / Validate / Document Changes

ID: NIST SP 800-53 R4 CM-3 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1197 - Configuration Change Control \| Test / Validate / Document Changes | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Configuration Change Control | Security Representative

ID: NIST SP 800-53 R4 CM-3 (4) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1198 - Configuration Change Control \| Security Representative | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Configuration Change Control | Cryptography Management

ID: NIST SP 800-53 R4 CM-3 (6) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1199 - Configuration Change Control \| Cryptography Management | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Security Impact Analysis

ID: NIST SP 800-53 R4 CM-4 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1200 - Security Impact Analysis | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Security Impact Analysis | Separate Test Environments

ID: NIST SP 800-53 R4 CM-4 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1201 - Security Impact Analysis \| Separate Test Environments | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Access Restrictions for Change

ID: NIST SP 800-53 R4 CM-5 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1202 - Access Restrictions For Change | Microsoft implements this Configuration Management control | audit | 1.0.0 |

Access Restrictions for Change | Automated Access Enforcement / Auditing

ID: NIST SP 800-53 R4 CM-5 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement / Auditing Microsoft implements this Configuration Management control audit 1.0.0

Access Restrictions for Change | Review System Changes

ID: NIST SP 800-53 R4 CM-5 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1204 - Access Restrictions For Change | Review System Changes Microsoft implements this Configuration Management control audit 1.0.0

Access Restrictions for Change | Signed Components

ID: NIST SP 800-53 R4 CM-5 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1205 - Access Restrictions For Change | Signed Components Microsoft implements this Configuration Management control audit 1.0.0

Access Restrictions for Change | Limit Production / Operational Privileges

ID: NIST SP 800-53 R4 CM-5 (5) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1206 - Access Restrictions For Change | Limit Production / Operational Privileges Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1207 - Access Restrictions For Change | Limit Production / Operational Privileges Microsoft implements this Configuration Management control audit 1.0.0

Configuration Settings

ID: NIST SP 800-53 R4 CM-6 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1208 - Configuration Settings Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1209 - Configuration Settings Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1210 - Configuration Settings Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1211 - Configuration Settings Microsoft implements this Configuration Management control audit 1.0.0

Configuration Settings | Automated Central Management / Application / Verification

ID: NIST SP 800-53 R4 CM-6 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1212 - Configuration Settings | Automated Central Management / Application / Verification Microsoft implements this Configuration Management control audit 1.0.0

Configuration Settings | Respond to Unauthorized Changes

ID: NIST SP 800-53 R4 CM-6 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes Microsoft implements this Configuration Management control audit 1.0.0

Least Functionality

ID: NIST SP 800-53 R4 CM-7 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1214 - Least Functionality Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1215 - Least Functionality Microsoft implements this Configuration Management control audit 1.0.0

Least Functionality | Periodic Review

ID: NIST SP 800-53 R4 CM-7 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1216 - Least Functionality | Periodic Review Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1217 - Least Functionality | Periodic Review Microsoft implements this Configuration Management control audit 1.0.0

Least Functionality | Prevent Program Execution

ID: NIST SP 800-53 R4 CM-7 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Adaptive application controls for defining safe applications should be enabled on your machines Enable application controls to define the list of known-safe applications running on your machines, and alert you when other applications run. This helps harden your machines against malware. To simplify the process of configuring and maintaining your rules, Security Center uses machine learning to analyze the applications running on each machine and suggest the list of known-safe applications. AuditIfNotExists, Disabled 1.0.2
Microsoft Managed Control 1218 - Least Functionality | Prevent Program Execution Microsoft implements this Configuration Management control audit 1.0.0

Least Functionality | Authorized Software / Whitelisting

ID: NIST SP 800-53 R4 CM-7 (5) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Adaptive application controls for defining safe applications should be enabled on your machines Enable application controls to define the list of known-safe applications running on your machines, and alert you when other applications run. This helps harden your machines against malware. To simplify the process of configuring and maintaining your rules, Security Center uses machine learning to analyze the applications running on each machine and suggest the list of known-safe applications. AuditIfNotExists, Disabled 1.0.2
Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting Microsoft implements this Configuration Management control audit 1.0.0

Information System Component Inventory

ID: NIST SP 800-53 R4 CM-8 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1222 - Information System Component Inventory Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1223 - Information System Component Inventory Microsoft implements this Configuration Management control audit 1.0.0

Information System Component Inventory | Updates During Installations / Removals

ID: NIST SP 800-53 R4 CM-8 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals Microsoft implements this Configuration Management control audit 1.0.0

Information System Component Inventory | Automated Maintenance

ID: NIST SP 800-53 R4 CM-8 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1225 - Information System Component Inventory | Automated Maintenance Microsoft implements this Configuration Management control audit 1.0.0

Information System Component Inventory | Automated Unauthorized Component Detection

ID: NIST SP 800-53 R4 CM-8 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1226 - Information System Component Inventory | Automated Unauthorized Component Detection Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1227 - Information System Component Inventory | Automated Unauthorized Component Detection Microsoft implements this Configuration Management control audit 1.0.0

Information System Component Inventory | Accountability Information

ID: NIST SP 800-53 R4 CM-8 (4) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1228 - Information System Component Inventory | Accountability Information Microsoft implements this Configuration Management control audit 1.0.0

Information System Component Inventory | No Duplicate Accounting of Components

ID: NIST SP 800-53 R4 CM-8 (5) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1229 - Information System Component Inventory | No Duplicate Accounting Of Components Microsoft implements this Configuration Management control audit 1.0.0

Configuration Management Plan

ID: NIST SP 800-53 R4 CM-9 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1230 - Configuration Management Plan Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1231 - Configuration Management Plan Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1232 - Configuration Management Plan Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1233 - Configuration Management Plan Microsoft implements this Configuration Management control audit 1.0.0

Software Usage Restrictions

ID: NIST SP 800-53 R4 CM-10 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1234 - Software Usage Restrictions Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1235 - Software Usage Restrictions Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1236 - Software Usage Restrictions Microsoft implements this Configuration Management control audit 1.0.0

Software Usage Restrictions | Open Source Software

ID: NIST SP 800-53 R4 CM-10 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1237 - Software Usage Restrictions | Open Source Software Microsoft implements this Configuration Management control audit 1.0.0

User-Installed Software

ID: NIST SP 800-53 R4 CM-11 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Adaptive application controls for defining safe applications should be enabled on your machines Enable application controls to define the list of known-safe applications running on your machines, and alert you when other applications run. This helps harden your machines against malware. To simplify the process of configuring and maintaining your rules, Security Center uses machine learning to analyze the applications running on each machine and suggest the list of known-safe applications. AuditIfNotExists, Disabled 1.0.2
Microsoft Managed Control 1238 - User-Installed Software Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1239 - User-Installed Software Microsoft implements this Configuration Management control audit 1.0.0
Microsoft Managed Control 1240 - User-Installed Software Microsoft implements this Configuration Management control audit 1.0.0

User-Installed Software | Alerts for Unauthorized Installations

ID: NIST SP 800-53 R4 CM-11 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations Microsoft implements this Configuration Management control audit 1.0.0

Contingency Planning

Contingency Planning Policy and Procedures

ID: NIST SP 800-53 R4 CP-1 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures Microsoft implements this Contingency Planning control audit 1.0.0

Contingency Plan

ID: NIST SP 800-53 R4 CP-2 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1244 - Contingency Plan Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1245 - Contingency Plan Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1246 - Contingency Plan Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1247 - Contingency Plan Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1248 - Contingency Plan Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1249 - Contingency Plan Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1250 - Contingency Plan Microsoft implements this Contingency Planning control audit 1.0.0

Contingency Plan | Coordinate With Related Plans

ID: NIST SP 800-53 R4 CP-2 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans Microsoft implements this Contingency Planning control audit 1.0.0

Contingency Plan | Capacity Planning

ID: NIST SP 800-53 R4 CP-2 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning Microsoft implements this Contingency Planning control audit 1.0.0

Contingency Plan | Resume Essential Missions / Business Functions

ID: NIST SP 800-53 R4 CP-2 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions Microsoft implements this Contingency Planning control audit 1.0.0

Contingency Plan | Resume All Missions / Business Functions

ID: NIST SP 800-53 R4 CP-2 (4) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions Microsoft implements this Contingency Planning control audit 1.0.0

Contingency Plan | Continue Essential Missions / Business Functions

ID: NIST SP 800-53 R4 CP-2 (5) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions Microsoft implements this Contingency Planning control audit 1.0.0

Contingency Plan | Identify Critical Assets

ID: NIST SP 800-53 R4 CP-2 (8) Ownership: Customer

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets Microsoft implements this Contingency Planning control audit 1.0.0

Contingency Training

ID: NIST SP 800-53 R4 CP-3 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1257 - Contingency Training Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1258 - Contingency Training Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1259 - Contingency Training Microsoft implements this Contingency Planning control audit 1.0.0

Contingency Training | Simulated Events

ID: NIST SP 800-53 R4 CP-3 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1260 - Contingency Training | Simulated Events Microsoft implements this Contingency Planning control audit 1.0.0

Contingency Plan Testing

ID: NIST SP 800-53 R4 CP-4 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1261 - Contingency Plan Testing Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1262 - Contingency Plan Testing Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1263 - Contingency Plan Testing Microsoft implements this Contingency Planning control audit 1.0.0

Contingency Plan Testing | Coordinate With Related Plans

ID: NIST SP 800-53 R4 CP-4 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans Microsoft implements this Contingency Planning control audit 1.0.0

Contingency Plan Testing | Alternate Processing Site

ID: NIST SP 800-53 R4 CP-4 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site Microsoft implements this Contingency Planning control audit 1.0.0

Alternate Storage Site

ID: NIST SP 800-53 R4 CP-6 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1267 - Alternate Storage Site Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1268 - Alternate Storage Site Microsoft implements this Contingency Planning control audit 1.0.0

Alternate Storage Site | Separation From Primary Site

ID: NIST SP 800-53 R4 CP-6 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site Microsoft implements this Contingency Planning control audit 1.0.0

Alternate Storage Site | Recovery Time / Point Objectives

ID: NIST SP 800-53 R4 CP-6 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives Microsoft implements this Contingency Planning control audit 1.0.0

Alternate Storage Site | Accessibility

ID: NIST SP 800-53 R4 CP-6 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility Microsoft implements this Contingency Planning control audit 1.0.0

Alternate Processing Site

ID: NIST SP 800-53 R4 CP-7 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Audit virtual machines without disaster recovery configured Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc. auditIfNotExists 1.0.0
Microsoft Managed Control 1272 - Alternate Processing Site Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1273 - Alternate Processing Site Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1274 - Alternate Processing Site Microsoft implements this Contingency Planning control audit 1.0.0

Alternate Processing Site | Separation From Primary Site

ID: NIST SP 800-53 R4 CP-7 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site Microsoft implements this Contingency Planning control audit 1.0.0

Alternate Processing Site | Accessibility

ID: NIST SP 800-53 R4 CP-7 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility Microsoft implements this Contingency Planning control audit 1.0.0

Alternate Processing Site | Priority of Service

ID: NIST SP 800-53 R4 CP-7 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service Microsoft implements this Contingency Planning control audit 1.0.0

Alternate Processing Site | Preparation for Use

ID: NIST SP 800-53 R4 CP-7 (4) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use Microsoft implements this Contingency Planning control audit 1.0.0

Telecommunications Services

ID: NIST SP 800-53 R4 CP-8 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1279 - Telecommunications Services Microsoft implements this Contingency Planning control audit 1.0.0

Telecommunications Services | Priority of Service Provisions

ID: NIST SP 800-53 R4 CP-8 (1) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions Microsoft implements this Contingency Planning control audit 1.0.0

Telecommunications Services | Single Points of Failure

ID: NIST SP 800-53 R4 CP-8 (2) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure Microsoft implements this Contingency Planning control audit 1.0.0

Telecommunications Services | Separation of Primary / Alternate Providers

ID: NIST SP 800-53 R4 CP-8 (3) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers Microsoft implements this Contingency Planning control audit 1.0.0

Telecommunications Services | Provider Contingency Plan

ID: NIST SP 800-53 R4 CP-8 (4) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan Microsoft implements this Contingency Planning control audit 1.0.0

Information System Backup

ID: NIST SP 800-53 R4 CP-9 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1287 - Information System Backup Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1288 - Information System Backup Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1289 - Information System Backup Microsoft implements this Contingency Planning control audit 1.0.0
Microsoft Managed Control 1290 - Information System Backup Microsoft implements this Contingency Planning control audit 1.0.0

Information System Backup | Testing for Reliability / Integrity

ID: NIST SP 800-53 R4 CP-9 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity Microsoft implements this Contingency Planning control audit 1.0.0

Information System Backup | Test Restoration Using Sampling

ID: NIST SP 800-53 R4 CP-9 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling Microsoft implements this Contingency Planning control audit 1.0.0

Information System Backup | Separate Storage for Critical Information

ID: NIST SP 800-53 R4 CP-9 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information Microsoft implements this Contingency Planning control audit 1.0.0

Information System Backup | Transfer to Alternate Storage Site

ID: NIST SP 800-53 R4 CP-9 (5) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site Microsoft implements this Contingency Planning control audit 1.0.0

Information System Recovery and Reconstitution

ID: NIST SP 800-53 R4 CP-10 Ownership: Customer

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1295 - Information System Recovery And Reconstitution Microsoft implements this Contingency Planning control audit 1.0.0

Information System Recovery and Reconstitution | Transaction Recovery

ID: NIST SP 800-53 R4 CP-10 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery Microsoft implements this Contingency Planning control audit 1.0.0

Information System Recovery and Reconstitution | Restore Within Time Period

ID: NIST SP 800-53 R4 CP-10 (4) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period Microsoft implements this Contingency Planning control audit 1.0.0

Identification and Authentication

Identification and Authentication Policy and Procedures

ID: NIST SP 800-53 R4 IA-1 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1298 - Identification And Authentication Policy And Procedures Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1299 - Identification And Authentication Policy And Procedures Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Organizational Users)

ID: NIST SP 800-53 R4 IA-2 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1300 - Identification And Authentication (Organizational Users) Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Organizational Users) | Network Access to Privileged Accounts

ID: NIST SP 800-53 R4 IA-2 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
MFA should be enabled accounts with write permissions on your subscription Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources. AuditIfNotExists, Disabled 1.0.0
MFA should be enabled on accounts with owner permissions on your subscription Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources. AuditIfNotExists, Disabled 1.0.0
Microsoft Managed Control 1301 - Identification And Authentication (Org. Users) | Network Access To Privileged Accounts Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Organizational Users) | Network Access to Non-Privileged Accounts

ID: NIST SP 800-53 R4 IA-2 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
MFA should be enabled on accounts with read permissions on your subscription Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources. AuditIfNotExists, Disabled 1.0.0
Microsoft Managed Control 1302 - Identification And Authentication (Org. Users) | Network Access To Non-Privileged Accounts Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Organizational Users) | Local Access to Privileged Accounts

ID: NIST SP 800-53 R4 IA-2 (3) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1303 - Identification And Authentication (Org. Users) | Local Access To Privileged Accounts Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Organizational Users) | Local Access to Non-Privileged Accounts

ID: NIST SP 800-53 R4 IA-2 (4) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1304 - Identification And Authentication (Org. Users) | Local Access To Non-Privileged Accounts Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Organizational Users) | Group Authentication

ID: NIST SP 800-53 R4 IA-2 (5) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1305 - Identification And Authentication (Org. Users) | Group Authentication Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Organizational Users) | Network Access to Privileged Accounts - Replay Resistant

ID: NIST SP 800-53 R4 IA-2 (8) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1306 - Identification And Authentication (Org. Users) | Net. Access To Priv. Accts. - Replay Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Organizational Users) | Network Access to Non-Privileged Accounts - Replay Resistant

ID: NIST SP 800-53 R4 IA-2 (9) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1307 - Identification And Authentication (Org. Users) | Net. Access To Non-Priv. Accts. - Replay Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Organizational Users) | Remote Access - Separate Device

ID: NIST SP 800-53 R4 IA-2 (11) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1308 - Identification And Authentication (Org. Users) | Remote Access - Separate Device Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Organizational Users) | Acceptance of PIV Credentials

ID: NIST SP 800-53 R4 IA-2 (12) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1309 - Identification And Authentication (Org. Users) | Acceptance Of Piv Credentials Microsoft implements this Identification and Authentication control audit 1.0.0

Device Identification and Authentication

ID: NIST SP 800-53 R4 IA-3 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1310 - Device Identification And Authentication Microsoft implements this Identification and Authentication control audit 1.0.0

Identifier Management

ID: NIST SP 800-53 R4 IA-4 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1311 - Identifier Management Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1312 - Identifier Management Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1313 - Identifier Management Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1314 - Identifier Management Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1315 - Identifier Management Microsoft implements this Identification and Authentication control audit 1.0.0

Identifier Management | Identify User Status

ID: NIST SP 800-53 R4 IA-4 (4) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1316 - Identifier Management | Identify User Status Microsoft implements this Identification and Authentication control audit 1.0.0

Authenticator Management

ID: NIST SP 800-53 R4 IA-5 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644 This policy creates a Guest Configuration assignment to audit Linux virtual machines that do not have the passwd file permissions set to 0644. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol deployIfNotExists 3.0.0
Deploy prerequisites to audit Linux VMs that have accounts without passwords This policy creates a Guest Configuration assignment to audit Linux virtual machines that have accounts without passwords. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol deployIfNotExists 3.0.0
Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not store passwords using reversible encryption. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol deployIfNotExists 1.2.0
Microsoft Managed Control 1317 - Authenticator Management Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1318 - Authenticator Management Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1319 - Authenticator Management Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1320 - Authenticator Management Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1321 - Authenticator Management Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1322 - Authenticator Management Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1323 - Authenticator Management Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1324 - Authenticator Management Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1325 - Authenticator Management Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1326 - Authenticator Management Microsoft implements this Identification and Authentication control audit 1.0.0
Show audit results from Linux VMs that do not have the passwd file permissions set to 0644 This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that do not have the passwd file permissions set to 0644. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol auditIfNotExists 3.0.0
Show audit results from Linux VMs that have accounts without passwords This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Linux virtual machines that have accounts without passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol auditIfNotExists 3.0.0
Show audit results from Windows VMs that do not store passwords using reversible encryption This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not store passwords using reversible encryption. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol auditIfNotExists 1.0.0

Authenticator Management | Password-Based Authentication

ID: NIST SP 800-53 R4 IA-5 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords This policy creates a Guest Configuration assignment to audit Windows virtual machines that allow re-use of the previous 24 passwords. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol deployIfNotExists 1.2.0
Deploy prerequisites to audit Windows VMs that do not have a maximum password age of 70 days This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have a maximum password age of 70 days. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol deployIfNotExists 1.2.0
Deploy prerequisites to audit Windows VMs that do not have a minimum password age of 1 day This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have a minimum password age of 1 day. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol deployIfNotExists 1.2.0
Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabled This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not have the password complexity setting enabled. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol deployIfNotExists 1.2.0
Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not restrict the minimum password length to 14 characters. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol deployIfNotExists 1.2.0
Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption This policy creates a Guest Configuration assignment to audit Windows virtual machines that do not store passwords using reversible encryption. It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol deployIfNotExists 1.2.0
Microsoft Managed Control 1327 - Authenticator Management | Password-Based Authentication Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1328 - Authenticator Management | Password-Based Authentication Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1329 - Authenticator Management | Password-Based Authentication Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1330 - Authenticator Management | Password-Based Authentication Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1331 - Authenticator Management | Password-Based Authentication Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1332 - Authenticator Management | Password-Based Authentication Microsoft implements this Identification and Authentication control audit 1.0.0
Show audit results from Windows VMs that allow re-use of the previous 24 passwords This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that allow re-use of the previous 24 passwords. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol auditIfNotExists 1.0.0
Show audit results from Windows VMs that do not have a maximum password age of 70 days This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have a maximum password age of 70 days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol auditIfNotExists 1.0.0
Show audit results from Windows VMs that do not have a minimum password age of 1 day This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have a minimum password age of 1 day. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol auditIfNotExists 1.0.0
Show audit results from Windows VMs that do not have the password complexity setting enabled This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not have the password complexity setting enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol auditIfNotExists 1.0.0
Show audit results from Windows VMs that do not restrict the minimum password length to 14 characters This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not restrict the minimum password length to 14 characters. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol auditIfNotExists 1.0.0
Show audit results from Windows VMs that do not store passwords using reversible encryption This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows virtual machines that do not store passwords using reversible encryption. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol auditIfNotExists 1.0.0

Authenticator Management | PKI-Based Authentication

ID: NIST SP 800-53 R4 IA-5 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1333 - Authenticator Management | Pki-Based Authentication Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1334 - Authenticator Management | Pki-Based Authentication Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1335 - Authenticator Management | Pki-Based Authentication Microsoft implements this Identification and Authentication control audit 1.0.0
Microsoft Managed Control 1336 - Authenticator Management | Pki-Based Authentication Microsoft implements this Identification and Authentication control audit 1.0.0

Authenticator Management | In-Person or Trusted Third-Party Registration

ID: NIST SP 800-53 R4 IA-5 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1337 - Authenticator Management | In-Person Or Trusted Third-Party Registration Microsoft implements this Identification and Authentication control audit 1.0.0

Authenticator Management | Automated Support for Password Strength Determination

ID: NIST SP 800-53 R4 IA-5 (4) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1338 - Authenticator Management | Automated Support For Password Strength Determination Microsoft implements this Identification and Authentication control audit 1.0.0

Authenticator Management | Protection of Authenticators

ID: NIST SP 800-53 R4 IA-5 (6) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1339 - Authenticator Management | Protection Of Authenticators Microsoft implements this Identification and Authentication control audit 1.0.0

Authenticator Management | No Embedded Unencrypted Static Authenticators

ID: NIST SP 800-53 R4 IA-5 (7) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1340 - Authenticator Management | No Embedded Unencrypted Static Authenticators Microsoft implements this Identification and Authentication control audit 1.0.0

Authenticator Management | Multiple Information System Accounts

ID: NIST SP 800-53 R4 IA-5 (8) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1341 - Authenticator Management | Multiple Information System Accounts Microsoft implements this Identification and Authentication control audit 1.0.0

Authenticator Management | Hardware Token-Based Authentication

ID: NIST SP 800-53 R4 IA-5 (11) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1342 - Authenticator Management | Hardware Token-Based Authentication Microsoft implements this Identification and Authentication control audit 1.0.0

Authenticator Management | Expiration of Cached Authenticators

ID: NIST SP 800-53 R4 IA-5 (13) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1343 - Authenticator Management | Expiration Of Cached Authenticators Microsoft implements this Identification and Authentication control audit 1.0.0

Authenticator Feedback

ID: NIST SP 800-53 R4 IA-6 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1344 - Authenticator Feedback Microsoft implements this Identification and Authentication control audit 1.0.0

Cryptographic Module Authentication

ID: NIST SP 800-53 R4 IA-7 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1345 - Cryptographic Module Authentication Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Non-Organizational Users)

ID: NIST SP 800-53 R4 IA-8 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1346 - Identification And Authentication (Non-Organizational Users) Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Non-Organizational Users) | Acceptance of PIV Credentials From Other Agencies

ID: NIST SP 800-53 R4 IA-8 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1347 - Identification And Authentication (Non-Org. Users) | Acceptance Of PIV Creds. From Other Agys. Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Non-Organizational Users) | Acceptance of Third-Party Credentials

ID: NIST SP 800-53 R4 IA-8 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1348 - Identification And Authentication (Non-Org. Users) | Acceptance Of Third-Party Credentials Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Non-Organizational Users) | Use of FICAM-Approved Products

ID: NIST SP 800-53 R4 IA-8 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1349 - Identification And Authentication (Non-Org. Users) | Use Of FICAM-Approved Products Microsoft implements this Identification and Authentication control audit 1.0.0

Identification and Authentication (Non-Organizational Users) | Use of FICAM-Issued Profiles

ID: NIST SP 800-53 R4 IA-8 (4) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1350 - Identification And Authentication (Non-Org. Users) | Use Of FICAM-Issued Profiles Microsoft implements this Identification and Authentication control audit 1.0.0

Incident Response

Incident Response Policy and Procedures

ID: NIST SP 800-53 R4 IR-1 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1351 - Incident Response Policy And Procedures Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1352 - Incident Response Policy And Procedures Microsoft implements this Incident Response control audit 1.0.0

Incident Response Training

ID: NIST SP 800-53 R4 IR-2 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1353 - Incident Response Training Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1354 - Incident Response Training Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1355 - Incident Response Training Microsoft implements this Incident Response control audit 1.0.0

Incident Response Training | Simulated Events

ID: NIST SP 800-53 R4 IR-2 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1356 - Incident Response Training | Simulated Events Microsoft implements this Incident Response control audit 1.0.0

Incident Response Training | Automated Training Environments

ID: NIST SP 800-53 R4 IR-2 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1357 - Incident Response Training | Automated Training Environments Microsoft implements this Incident Response control audit 1.0.0

Incident Response Testing

ID: NIST SP 800-53 R4 IR-3 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1358 - Incident Response Testing Microsoft implements this Incident Response control audit 1.0.0

Incident Response Testing | Coordination With Related Plans

ID: NIST SP 800-53 R4 IR-3 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1359 - Incident Response Testing | Coordination With Related Plans Microsoft implements this Incident Response control audit 1.0.0

Incident Handling

ID: NIST SP 800-53 R4 IR-4 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1360 - Incident Handling Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1361 - Incident Handling Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1362 - Incident Handling Microsoft implements this Incident Response control audit 1.0.0

Incident Handling | Automated Incident Handling Processes

ID: NIST SP 800-53 R4 IR-4 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes Microsoft implements this Incident Response control audit 1.0.0

Incident Handling | Dynamic Reconfiguration

ID: NIST SP 800-53 R4 IR-4 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1364 - Incident Handling | Dynamic Reconfiguration Microsoft implements this Incident Response control audit 1.0.0

Incident Handling | Continuity of Operations

ID: NIST SP 800-53 R4 IR-4 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1365 - Incident Handling | Continuity Of Operations Microsoft implements this Incident Response control audit 1.0.0

Incident Handling | Information Correlation

ID: NIST SP 800-53 R4 IR-4 (4) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1366 - Incident Handling | Information Correlation Microsoft implements this Incident Response control audit 1.0.0

Incident Handling | Insider Threats - Specific Capabilities

ID: NIST SP 800-53 R4 IR-4 (6) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities Microsoft implements this Incident Response control audit 1.0.0

Incident Handling | Correlation With External Organizations

ID: NIST SP 800-53 R4 IR-4 (8) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1368 - Incident Handling | Correlation With External Organizations Microsoft implements this Incident Response control audit 1.0.0

Incident Monitoring

ID: NIST SP 800-53 R4 IR-5 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1369 - Incident Monitoring Microsoft implements this Incident Response control audit 1.0.0

Incident Monitoring | Automated Tracking / Data Collection / Analysis

ID: NIST SP 800-53 R4 IR-5 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection / Analysis Microsoft implements this Incident Response control audit 1.0.0

Incident Reporting

ID: NIST SP 800-53 R4 IR-6 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1371 - Incident Reporting Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1372 - Incident Reporting Microsoft implements this Incident Response control audit 1.0.0

Incident Reporting | Automated Reporting

ID: NIST SP 800-53 R4 IR-6 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1373 - Incident Reporting | Automated Reporting Microsoft implements this Incident Response control audit 1.0.0

Incident Response Assistance

ID: NIST SP 800-53 R4 IR-7 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1374 - Incident Response Assistance Microsoft implements this Incident Response control audit 1.0.0

Incident Response Assistance | Automation Support for Availability of Information / Support

ID: NIST SP 800-53 R4 IR-7 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1375 - Incident Response Assistance | Automation Support For Availability Of Information / Support Microsoft implements this Incident Response control audit 1.0.0

Incident Response Assistance | Coordination With External Providers

ID: NIST SP 800-53 R4 IR-7 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1376 - Incident Response Assistance | Coordination With External Providers Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1377 - Incident Response Assistance | Coordination With External Providers Microsoft implements this Incident Response control audit 1.0.0

Incident Response Plan

ID: NIST SP 800-53 R4 IR-8 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1378 - Incident Response Plan Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1379 - Incident Response Plan Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1380 - Incident Response Plan Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1381 - Incident Response Plan Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1382 - Incident Response Plan Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1383 - Incident Response Plan Microsoft implements this Incident Response control audit 1.0.0

Information Spillage Response

ID: NIST SP 800-53 R4 IR-9 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1384 - Information Spillage Response Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1385 - Information Spillage Response Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1386 - Information Spillage Response Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1387 - Information Spillage Response Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1388 - Information Spillage Response Microsoft implements this Incident Response control audit 1.0.0
Microsoft Managed Control 1389 - Information Spillage Response Microsoft implements this Incident Response control audit 1.0.0

Information Spillage Response | Responsible Personnel

ID: NIST SP 800-53 R4 IR-9 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1390 - Information Spillage Response | Responsible Personnel Microsoft implements this Incident Response control audit 1.0.0

Information Spillage Response | Training

ID: NIST SP 800-53 R4 IR-9 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1391 - Information Spillage Response | Training Microsoft implements this Incident Response control audit 1.0.0

Information Spillage Response | Post-Spill Operations

ID: NIST SP 800-53 R4 IR-9 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1392 - Information Spillage Response | Post-Spill Operations Microsoft implements this Incident Response control audit 1.0.0

Information Spillage Response | Exposure to Unauthorized Personnel

ID: NIST SP 800-53 R4 IR-9 (4) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized Personnel Microsoft implements this Incident Response control audit 1.0.0

Maintenance

System Maintenance Policy and Procedures

ID: NIST SP 800-53 R4 MA-1 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1394 - System Maintenance Policy And Procedures Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1395 - System Maintenance Policy And Procedures Microsoft implements this Maintenance control audit 1.0.0

Controlled Maintenance

ID: NIST SP 800-53 R4 MA-2 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1396 - Controlled Maintenance Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1397 - Controlled Maintenance Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1398 - Controlled Maintenance Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1399 - Controlled Maintenance Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1400 - Controlled Maintenance Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1401 - Controlled Maintenance Microsoft implements this Maintenance control audit 1.0.0

Controlled Maintenance | Automated Maintenance Activities

ID: NIST SP 800-53 R4 MA-2 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1402 - Controlled Maintenance | Automated Maintenance Activities Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1403 - Controlled Maintenance | Automated Maintenance Activities Microsoft implements this Maintenance control audit 1.0.0

Maintenance Tools

ID: NIST SP 800-53 R4 MA-3 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1404 - Maintenance Tools Microsoft implements this Maintenance control audit 1.0.0

Maintenance Tools | Inspect Tools

ID: NIST SP 800-53 R4 MA-3 (1) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1405 - Maintenance Tools | Inspect Tools Microsoft implements this Maintenance control audit 1.0.0

Maintenance Tools | Inspect Media

ID: NIST SP 800-53 R4 MA-3 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1406 - Maintenance Tools | Inspect Media Microsoft implements this Maintenance control audit 1.0.0

Maintenance Tools | Prevent Unauthorized Removal

ID: NIST SP 800-53 R4 MA-3 (3) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1407 - Maintenance Tools | Prevent Unauthorized Removal Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1408 - Maintenance Tools | Prevent Unauthorized Removal Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1409 - Maintenance Tools | Prevent Unauthorized Removal Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1410 - Maintenance Tools | Prevent Unauthorized Removal Microsoft implements this Maintenance control audit 1.0.0

Nonlocal Maintenance

ID: NIST SP 800-53 R4 MA-4 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1411 - Nonlocal Maintenance Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1412 - Nonlocal Maintenance Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1413 - Nonlocal Maintenance Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1414 - Nonlocal Maintenance Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1415 - Nonlocal Maintenance Microsoft implements this Maintenance control audit 1.0.0

Nonlocal Maintenance | Document Nonlocal Maintenance

ID: NIST SP 800-53 R4 MA-4 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1416 - Nonlocal Maintenance | Document Nonlocal Maintenance Microsoft implements this Maintenance control audit 1.0.0

Nonlocal Maintenance | Comparable Security / Sanitization

ID: NIST SP 800-53 R4 MA-4 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1417 - Nonlocal Maintenance | Comparable Security / Sanitization Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1418 - Nonlocal Maintenance | Comparable Security / Sanitization Microsoft implements this Maintenance control audit 1.0.0

Nonlocal Maintenance | Cryptographic Protection

ID: NIST SP 800-53 R4 MA-4 (6) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1419 - Nonlocal Maintenance | Cryptographic Protection Microsoft implements this Maintenance control audit 1.0.0

Maintenance Personnel

ID: NIST SP 800-53 R4 MA-5 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1420 - Maintenance Personnel Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1421 - Maintenance Personnel Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1422 - Maintenance Personnel Microsoft implements this Maintenance control audit 1.0.0

Maintenance Personnel | Individuals Without Appropriate Access

ID: NIST SP 800-53 R4 MA-5 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1423 - Maintenance Personnel | Individuals Without Appropriate Access Microsoft implements this Maintenance control audit 1.0.0
Microsoft Managed Control 1424 - Maintenance Personnel | Individuals Without Appropriate Access Microsoft implements this Maintenance control audit 1.0.0

Timely Maintenance

ID: NIST SP 800-53 R4 MA-6 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1425 - Timely Maintenance Microsoft implements this Maintenance control audit 1.0.0

Media Protection

Media Protection Policy and Procedures

ID: NIST SP 800-53 R4 MP-1 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1426 - Media Protection Policy And Procedures Microsoft implements this Media Protection control audit 1.0.0
Microsoft Managed Control 1427 - Media Protection Policy And Procedures Microsoft implements this Media Protection control audit 1.0.0

Media Access

ID: NIST SP 800-53 R4 MP-2 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1428 - Media Access Microsoft implements this Media Protection control audit 1.0.0

Media Marking

ID: NIST SP 800-53 R4 MP-3 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1429 - Media Marking Microsoft implements this Media Protection control audit 1.0.0
Microsoft Managed Control 1430 - Media Marking Microsoft implements this Media Protection control audit 1.0.0

Media Storage

ID: NIST SP 800-53 R4 MP-4 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1431 - Media Storage Microsoft implements this Media Protection control audit 1.0.0
Microsoft Managed Control 1432 - Media Storage Microsoft implements this Media Protection control audit 1.0.0

Media Transport

ID: NIST SP 800-53 R4 MP-5 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1433 - Media Transport Microsoft implements this Media Protection control audit 1.0.0
Microsoft Managed Control 1434 - Media Transport Microsoft implements this Media Protection control audit 1.0.0
Microsoft Managed Control 1435 - Media Transport Microsoft implements this Media Protection control audit 1.0.0
Microsoft Managed Control 1436 - Media Transport Microsoft implements this Media Protection control audit 1.0.0

Media Transport | Cryptographic Protection

ID: NIST SP 800-53 R4 MP-5 (4) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1437 - Media Transport | Cryptographic Protection Microsoft implements this Media Protection control audit 1.0.0

Media Sanitization

ID: NIST SP 800-53 R4 MP-6 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1438 - Media Sanitization Microsoft implements this Media Protection control audit 1.0.0
Microsoft Managed Control 1439 - Media Sanitization Microsoft implements this Media Protection control audit 1.0.0

Media Sanitization | Review / Approve / Track / Document / Verify

ID: NIST SP 800-53 R4 MP-6 (1) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1440 - Media Sanitization | Review / Approve / Track / Document / Verify Microsoft implements this Media Protection control audit 1.0.0

Media Sanitization | Equipment Testing

ID: NIST SP 800-53 R4 MP-6 (2) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1441 - Media Sanitization | Equipment Testing Microsoft implements this Media Protection control audit 1.0.0

Media Sanitization | Nondestructive Techniques

ID: NIST SP 800-53 R4 MP-6 (3) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1442 - Media Sanitization | Nondestructive Techniques Microsoft implements this Media Protection control audit 1.0.0

Media Use

ID: NIST SP 800-53 R4 MP-7 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1443 - Media Use Microsoft implements this Media Protection control audit 1.0.0

Media Use | Prohibit Use Without Owner

ID: NIST SP 800-53 R4 MP-7 (1) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1444 - Media Use | Prohibit Use Without Owner Microsoft implements this Media Protection control audit 1.0.0

Physical and Environmental Protection

Physical and Environmental Protection Policy and Procedures

ID: NIST SP 800-53 R4 PE-1 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1445 - Physical And Environmental Protection Policy And Procedures Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1446 - Physical And Environmental Protection Policy And Procedures Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Physical Access Authorizations

ID: NIST SP 800-53 R4 PE-2 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1447 - Physical Access Authorizations Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1448 - Physical Access Authorizations Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1449 - Physical Access Authorizations Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1450 - Physical Access Authorizations Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Physical Access Control

ID: NIST SP 800-53 R4 PE-3 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1451 - Physical Access Control Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1452 - Physical Access Control Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1453 - Physical Access Control Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1454 - Physical Access Control Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1455 - Physical Access Control Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1456 - Physical Access Control Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1457 - Physical Access Control Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Physical Access Control | Information System Access

ID: NIST SP 800-53 R4 PE-3 (1) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1458 - Physical Access Control | Information System Access Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Access Control for Transmission Medium

ID: NIST SP 800-53 R4 PE-4 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1459 - Access Control For Transmission Medium Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Access Control for Output Devices

ID: NIST SP 800-53 R4 PE-5 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1460 - Access Control For Output Devices Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Monitoring Physical Access

ID: NIST SP 800-53 R4 PE-6 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1461 - Monitoring Physical Access Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1462 - Monitoring Physical Access Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1463 - Monitoring Physical Access Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Monitoring Physical Access | Intrusion Alarms / Surveillance Equipment

ID: NIST SP 800-53 R4 PE-6 (1) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance Equipment Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Monitoring Physical Access | Monitoring Physical Access to Information Systems

ID: NIST SP 800-53 R4 PE-6 (4) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1465 - Monitoring Physical Access | Monitoring Physical Access To Information Systems Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Visitor Access Records

ID: NIST SP 800-53 R4 PE-8 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1466 - Visitor Access Records Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1467 - Visitor Access Records Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Visitor Access Records | Automated Records Maintenance / Review

ID: NIST SP 800-53 R4 PE-8 (1) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1468 - Visitor Access Records | Automated Records Maintenance / Review Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Power Equipment and Cabling

ID: NIST SP 800-53 R4 PE-9 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1469 - Power Equipment And Cabling Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Emergency Shutoff

ID: NIST SP 800-53 R4 PE-10 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1470 - Emergency Shutoff Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1471 - Emergency Shutoff Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1472 - Emergency Shutoff Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Emergency Power

ID: NIST SP 800-53 R4 PE-11 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1473 - Emergency Power Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Emergency Power | Long-Term Alternate Power Supply - Minimal Operational Capability

ID: NIST SP 800-53 R4 PE-11 (1) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1474 - Emergency Power | Long-Term Alternate Power Supply - Minimal Operational Capability Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Emergency Lighting

ID: NIST SP 800-53 R4 PE-12 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1475 - Emergency Lighting Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Fire Protection

ID: NIST SP 800-53 R4 PE-13 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1476 - Fire Protection Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Fire Protection | Detection Devices / Systems

ID: NIST SP 800-53 R4 PE-13 (1) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1477 - Fire Protection | Detection Devices / Systems Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Fire Protection | Suppression Devices / Systems

ID: NIST SP 800-53 R4 PE-13 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1478 - Fire Protection | Suppression Devices / Systems Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Fire Protection | Automatic Fire Suppression

ID: NIST SP 800-53 R4 PE-13 (3) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1479 - Fire Protection | Automatic Fire Suppression Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Temperature and Humidity Controls

ID: NIST SP 800-53 R4 PE-14 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1480 - Temperature And Humidity Controls Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1481 - Temperature And Humidity Controls Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Temperature and Humidity Controls | Monitoring With Alarms / Notifications

ID: NIST SP 800-53 R4 PE-14 (2) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1482 - Temperature And Humidity Controls | Monitoring With Alarms / Notifications Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Water Damage Protection

ID: NIST SP 800-53 R4 PE-15 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1483 - Water Damage Protection Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Water Damage Protection | Automation Support

ID: NIST SP 800-53 R4 PE-15 (1) Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1484 - Water Damage Protection | Automation Support Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Delivery and Removal

ID: NIST SP 800-53 R4 PE-16 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1485 - Delivery And Removal Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Alternate Work Site

ID: NIST SP 800-53 R4 PE-17 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1486 - Alternate Work Site Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1487 - Alternate Work Site Microsoft implements this Physical and Environmental Protection control audit 1.0.0
Microsoft Managed Control 1488 - Alternate Work Site Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Location of Information System Components

ID: NIST SP 800-53 R4 PE-18 Ownership: Microsoft

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1489 - Location Of Information System Components Microsoft implements this Physical and Environmental Protection control audit 1.0.0

Planning

Security Planning Policy and Procedures

ID: NIST SP 800-53 R4 PL-1 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1490 - Security Planning Policy And Procedures Microsoft implements this Planning control audit 1.0.0
Microsoft Managed Control 1491 - Security Planning Policy And Procedures Microsoft implements this Planning control audit 1.0.0

System Security Plan

ID: NIST SP 800-53 R4 PL-2 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1492 - System Security Plan Microsoft implements this Planning control audit 1.0.0
Microsoft Managed Control 1493 - System Security Plan Microsoft implements this Planning control audit 1.0.0
Microsoft Managed Control 1494 - System Security Plan Microsoft implements this Planning control audit 1.0.0
Microsoft Managed Control 1495 - System Security Plan Microsoft implements this Planning control audit 1.0.0
Microsoft Managed Control 1496 - System Security Plan Microsoft implements this Planning control audit 1.0.0

System Security Plan | Plan / Coordinate With Other Organizational Entities

ID: NIST SP 800-53 R4 PL-2 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1497 - System Security Plan | Plan / Coordinate With Other Organizational Entities Microsoft implements this Planning control audit 1.0.0

Rules of Behavior

ID: NIST SP 800-53 R4 PL-4 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1498 - Rules Of Behavior Microsoft implements this Planning control audit 1.0.0
Microsoft Managed Control 1499 - Rules Of Behavior Microsoft implements this Planning control audit 1.0.0
Microsoft Managed Control 1500 - Rules Of Behavior Microsoft implements this Planning control audit 1.0.0
Microsoft Managed Control 1501 - Rules Of Behavior Microsoft implements this Planning control audit 1.0.0

Rules of Behavior | Social Media and Networking Restrictions

ID: NIST SP 800-53 R4 PL-4 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1502 - Rules Of Behavior | Social Media And Networking Restrictions Microsoft implements this Planning control audit 1.0.0

Information Security Architecture

ID: NIST SP 800-53 R4 PL-8 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1503 - Information Security Architecture Microsoft implements this Planning control audit 1.0.0
Microsoft Managed Control 1504 - Information Security Architecture Microsoft implements this Planning control audit 1.0.0
Microsoft Managed Control 1505 - Information Security Architecture Microsoft implements this Planning control audit 1.0.0

Personnel Security

Personnel Security Policy and Procedures

ID: NIST SP 800-53 R4 PS-1 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1506 - Personnel Security Policy And Procedures Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1507 - Personnel Security Policy And Procedures Microsoft implements this Personnel Security control audit 1.0.0

Position Risk Designation

ID: NIST SP 800-53 R4 PS-2 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1508 - Position Risk Designation Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1509 - Position Risk Designation Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1510 - Position Risk Designation Microsoft implements this Personnel Security control audit 1.0.0

Personnel Screening

ID: NIST SP 800-53 R4 PS-3 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1511 - Personnel Screening Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1512 - Personnel Screening Microsoft implements this Personnel Security control audit 1.0.0

Personnel Screening | Information With Special Protection Measures

ID: NIST SP 800-53 R4 PS-3 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1513 - Personnel Screening | Information With Special Protection Measures Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1514 - Personnel Screening | Information With Special Protection Measures Microsoft implements this Personnel Security control audit 1.0.0

Personnel Termination

ID: NIST SP 800-53 R4 PS-4 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1515 - Personnel Termination Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1516 - Personnel Termination Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1517 - Personnel Termination Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1518 - Personnel Termination Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1519 - Personnel Termination Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1520 - Personnel Termination Microsoft implements this Personnel Security control audit 1.0.0

Personnel Termination | Automated Notification

ID: NIST SP 800-53 R4 PS-4 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1521 - Personnel Termination | Automated Notification Microsoft implements this Personnel Security control audit 1.0.0

Personnel Transfer

ID: NIST SP 800-53 R4 PS-5 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1522 - Personnel Transfer Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1523 - Personnel Transfer Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1524 - Personnel Transfer Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1525 - Personnel Transfer Microsoft implements this Personnel Security control audit 1.0.0

Access Agreements

ID: NIST SP 800-53 R4 PS-6 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1526 - Access Agreements Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1527 - Access Agreements Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1528 - Access Agreements Microsoft implements this Personnel Security control audit 1.0.0

Third-Party Personnel Security

ID: NIST SP 800-53 R4 PS-7 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1529 - Third-Party Personnel Security Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1530 - Third-Party Personnel Security Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1531 - Third-Party Personnel Security Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1532 - Third-Party Personnel Security Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1533 - Third-Party Personnel Security Microsoft implements this Personnel Security control audit 1.0.0

Personnel Sanctions

ID: NIST SP 800-53 R4 PS-8 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1534 - Personnel Sanctions Microsoft implements this Personnel Security control audit 1.0.0
Microsoft Managed Control 1535 - Personnel Sanctions Microsoft implements this Personnel Security control audit 1.0.0

Risk Assessment

Risk Assessment Policy and Procedures

ID: NIST SP 800-53 R4 RA-1 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1536 - Risk Assessment Policy And Procedures Microsoft implements this Risk Assessment control audit 1.0.0
Microsoft Managed Control 1537 - Risk Assessment Policy And Procedures Microsoft implements this Risk Assessment control audit 1.0.0

Security Categorization

ID: NIST SP 800-53 R4 RA-2 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1538 - Security Categorization Microsoft implements this Risk Assessment control audit 1.0.0
Microsoft Managed Control 1539 - Security Categorization Microsoft implements this Risk Assessment control audit 1.0.0
Microsoft Managed Control 1540 - Security Categorization Microsoft implements this Risk Assessment control audit 1.0.0

Risk Assessment

ID: NIST SP 800-53 R4 RA-3 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1541 - Risk Assessment Microsoft implements this Risk Assessment control audit 1.0.0
Microsoft Managed Control 1542 - Risk Assessment Microsoft implements this Risk Assessment control audit 1.0.0
Microsoft Managed Control 1543 - Risk Assessment Microsoft implements this Risk Assessment control audit 1.0.0
Microsoft Managed Control 1544 - Risk Assessment Microsoft implements this Risk Assessment control audit 1.0.0
Microsoft Managed Control 1545 - Risk Assessment Microsoft implements this Risk Assessment control audit 1.0.0

Vulnerability Scanning

ID: NIST SP 800-53 R4 RA-5 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Advanced data security should be enabled on SQL Managed Instance | Audit each SQL Managed Instance without advanced data security. | AuditIfNotExists, Disabled | 1.0.1 |
| Advanced data security should be enabled on your SQL servers | Audit SQL servers without Advanced Data Security | AuditIfNotExists, Disabled | 1.0.0 |
| Microsoft Managed Control 1546 - Vulnerability Scanning | Microsoft implements this Risk Assessment control | audit | 1.0.0 |
| Microsoft Managed Control 1547 - Vulnerability Scanning | Microsoft implements this Risk Assessment control | audit | 1.0.0 |
| Microsoft Managed Control 1548 - Vulnerability Scanning | Microsoft implements this Risk Assessment control | audit | 1.0.0 |
| Microsoft Managed Control 1549 - Vulnerability Scanning | Microsoft implements this Risk Assessment control | audit | 1.0.0 |
| Microsoft Managed Control 1550 - Vulnerability Scanning | Microsoft implements this Risk Assessment control | audit | 1.0.0 |
| Vulnerabilities in security configuration on your machines should be remediated | Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations | AuditIfNotExists, Disabled | 1.0.0 |
| Vulnerabilities in security configuration on your virtual machine scale sets should be remediated | Audit the OS vulnerabilities on your virtual machine scale sets to protect them from attacks. | AuditIfNotExists, Disabled | 1.0.0 |
| Vulnerabilities on your SQL databases should be remediated | Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities. | AuditIfNotExists, Disabled | 1.0.0 |
| Vulnerabilities should be remediated by a Vulnerability Assessment solution | Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations. | AuditIfNotExists, Disabled | 1.0.0 |

Vulnerability Scanning | Update Tool Capability

ID: NIST SP 800-53 R4 RA-5 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability Microsoft implements this Risk Assessment control audit 1.0.0

Vulnerability Scanning | Update by Frequency / Prior to New Scan / When Identified

ID: NIST SP 800-53 R4 RA-5 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified Microsoft implements this Risk Assessment control audit 1.0.0

Vulnerability Scanning | Breadth / Depth of Coverage

ID: NIST SP 800-53 R4 RA-5 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage Microsoft implements this Risk Assessment control audit 1.0.0

Vulnerability Scanning | Discoverable Information

ID: NIST SP 800-53 R4 RA-5 (4) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information Microsoft implements this Risk Assessment control audit 1.0.0

Vulnerability Scanning | Privileged Access

ID: NIST SP 800-53 R4 RA-5 (5) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access Microsoft implements this Risk Assessment control audit 1.0.0

Vulnerability Scanning | Automated Trend Analyses

ID: NIST SP 800-53 R4 RA-5 (6) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses Microsoft implements this Risk Assessment control audit 1.0.0

Vulnerability Scanning | Review Historic Audit Logs

ID: NIST SP 800-53 R4 RA-5 (8) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs Microsoft implements this Risk Assessment control audit 1.0.0

Vulnerability Scanning | Correlate Scanning Information

ID: NIST SP 800-53 R4 RA-5 (10) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information Microsoft implements this Risk Assessment control audit 1.0.0

System and Services Acquisition

System and Services Acquisition Policy and Procedures

ID: NIST SP 800-53 R4 SA-1 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1559 - System And Services Acquisition Policy And Procedures Microsoft implements this System and Services Acquisition control audit 1.0.0
Microsoft Managed Control 1560 - System And Services Acquisition Policy And Procedures Microsoft implements this System and Services Acquisition control audit 1.0.0

Allocation of Resources

ID: NIST SP 800-53 R4 SA-2 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1561 - Allocation Of Resources Microsoft implements this System and Services Acquisition control audit 1.0.0
Microsoft Managed Control 1562 - Allocation Of Resources Microsoft implements this System and Services Acquisition control audit 1.0.0
Microsoft Managed Control 1563 - Allocation Of Resources Microsoft implements this System and Services Acquisition control audit 1.0.0

System Development Life Cycle

ID: NIST SP 800-53 R4 SA-3 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1564 - System Development Life Cycle Microsoft implements this System and Services Acquisition control audit 1.0.0
Microsoft Managed Control 1565 - System Development Life Cycle Microsoft implements this System and Services Acquisition control audit 1.0.0
Microsoft Managed Control 1566 - System Development Life Cycle Microsoft implements this System and Services Acquisition control audit 1.0.0
Microsoft Managed Control 1567 - System Development Life Cycle Microsoft implements this System and Services Acquisition control audit 1.0.0

Acquisition Process

ID: NIST SP 800-53 R4 SA-4 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1568 - Acquisition Process | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1569 - Acquisition Process | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1570 - Acquisition Process | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1571 - Acquisition Process | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1572 - Acquisition Process | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1573 - Acquisition Process | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1574 - Acquisition Process | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Acquisition Process | Functional Properties of Security Controls

ID: NIST SP 800-53 R4 SA-4 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1575 - Acquisition Process \| Functional Properties Of Security Controls | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Acquisition Process | Design / Implementation Information for Security Controls

ID: NIST SP 800-53 R4 SA-4 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1576 - Acquisition Process \| Design / Implementation Information For Security Controls | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Acquisition Process | Continuous Monitoring Plan

ID: NIST SP 800-53 R4 SA-4 (8) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1577 - Acquisition Process \| Continuous Monitoring Plan | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Acquisition Process | Functions / Ports / Protocols / Services in Use

ID: NIST SP 800-53 R4 SA-4 (9) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1578 - Acquisition Process \| Functions / Ports / Protocols / Services In Use | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Acquisition Process | Use of Approved PIV Products

ID: NIST SP 800-53 R4 SA-4 (10) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1579 - Acquisition Process \| Use Of Approved Piv Products | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Information System Documentation

ID: NIST SP 800-53 R4 SA-5 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1580 - Information System Documentation | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1581 - Information System Documentation | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1582 - Information System Documentation | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1583 - Information System Documentation | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1584 - Information System Documentation | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Security Engineering Principles

ID: NIST SP 800-53 R4 SA-8 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1585 - Security Engineering Principles | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

External Information System Services

ID: NIST SP 800-53 R4 SA-9 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1586 - External Information System Services | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1587 - External Information System Services | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1588 - External Information System Services | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

External Information System Services | Risk Assessments / Organizational Approvals

ID: NIST SP 800-53 R4 SA-9 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1589 - External Information System Services \| Risk Assessments / Organizational Approvals | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1590 - External Information System Services \| Risk Assessments / Organizational Approvals | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

External Information System Services | Identification of Functions / Ports / Protocols / Services

ID: NIST SP 800-53 R4 SA-9 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1591 - External Information System Services \| Ident. Of Functions / Ports / Protocols / Services | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

External Information System Services | Consistent Interests of Consumers and Providers

ID: NIST SP 800-53 R4 SA-9 (4) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1592 - External Information System Services \| Consistent Interests Of Consumers And Providers | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

External Information System Services | Processing, Storage, and Service Location

ID: NIST SP 800-53 R4 SA-9 (5) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1593 - External Information System Services \| Processing, Storage, And Service Location | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Developer Configuration Management

ID: NIST SP 800-53 R4 SA-10 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1594 - Developer Configuration Management | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1595 - Developer Configuration Management | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1596 - Developer Configuration Management | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1597 - Developer Configuration Management | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1598 - Developer Configuration Management | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Developer Configuration Management | Software / Firmware Integrity Verification

ID: NIST SP 800-53 R4 SA-10 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1599 - Developer Configuration Management \| Software / Firmware Integrity Verification | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Developer Security Testing and Evaluation

ID: NIST SP 800-53 R4 SA-11 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1600 - Developer Security Testing And Evaluation | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1601 - Developer Security Testing And Evaluation | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1602 - Developer Security Testing And Evaluation | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1603 - Developer Security Testing And Evaluation | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1604 - Developer Security Testing And Evaluation | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Developer Security Testing and Evaluation | Static Code Analysis

ID: NIST SP 800-53 R4 SA-11 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1605 - Developer Security Testing And Evaluation \| Static Code Analysis | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Developer Security Testing and Evaluation | Threat and Vulnerability Analyses

ID: NIST SP 800-53 R4 SA-11 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1606 - Developer Security Testing And Evaluation \| Threat And Vulnerability Analyses | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Developer Security Testing and Evaluation | Dynamic Code Analysis

ID: NIST SP 800-53 R4 SA-11 (8) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1607 - Developer Security Testing And Evaluation \| Dynamic Code Analysis | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Supply Chain Protection

ID: NIST SP 800-53 R4 SA-12 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1608 - Supply Chain Protection | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Development Process, Standards, and Tools

ID: NIST SP 800-53 R4 SA-15 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1609 - Development Process, Standards, And Tools | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1610 - Development Process, Standards, And Tools | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Developer-Provided Training

ID: NIST SP 800-53 R4 SA-16 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1611 - Developer-Provided Training | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

Developer Security Architecture and Design

ID: NIST SP 800-53 R4 SA-17 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1612 - Developer Security Architecture And Design | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1613 - Developer Security Architecture And Design | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |
| Microsoft Managed Control 1614 - Developer Security Architecture And Design | Microsoft implements this System and Services Acquisition control | audit | 1.0.0 |

System and Communications Protection

System and Communications Protection Policy and Procedures

ID: NIST SP 800-53 R4 SC-1 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1615 - System And Communications Protection Policy And Procedures | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Microsoft Managed Control 1616 - System And Communications Protection Policy And Procedures | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Application Partitioning

ID: NIST SP 800-53 R4 SC-2 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1617 - Application Partitioning | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Security Function Isolation

ID: NIST SP 800-53 R4 SC-3 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1618 - Security Function Isolation | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Information in Shared Resources

ID: NIST SP 800-53 R4 SC-4 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1619 - Information In Shared Resources | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Denial of Service Protection

ID: NIST SP 800-53 R4 SC-5 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Azure DDoS Protection Standard should be enabled | DDoS protection standard should be enabled for all virtual networks with a subnet that is part of an application gateway with a public IP. | AuditIfNotExists, Disabled | 1.0.1 |
| Microsoft Managed Control 1620 - Denial Of Service Protection | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Resource Availability

ID: NIST SP 800-53 R4 SC-6 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1621 - Resource Availability | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Boundary Protection

ID: NIST SP 800-53 R4 SC-7 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Access through Internet facing endpoint should be restricted | Azure Security Center has identified some of your Network Security Groups' inbound rules to be too permissive. Inbound rules should not allow access from 'Any' or 'Internet' ranges. This can potentially enable attackers to easily target your resources. | AuditIfNotExists, Disabled | 1.0.0 |
| Adaptive Network Hardening recommendations should be applied on internet facing virtual machines | Azure Security Center analyzes the traffic patterns of Internet facing virtual machines and provides Network Security Group rule recommendations that reduce the potential attack surface | AuditIfNotExists, Disabled | 1.0.0 |
| Microsoft Managed Control 1622 - Boundary Protection | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Microsoft Managed Control 1623 - Boundary Protection | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Microsoft Managed Control 1624 - Boundary Protection | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Storage accounts should restrict network access | Network access to storage accounts should be restricted. Configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges | Audit, Deny, Disabled | 1.1.0 |

Boundary Protection | Access Points

ID: NIST SP 800-53 R4 SC-7 (3) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Management ports of virtual machines should be protected with just-in-time network access control | Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations | AuditIfNotExists, Disabled | 1.0.1 |
| Microsoft Managed Control 1625 - Boundary Protection \| Access Points | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Boundary Protection | External Telecommunications Services

ID: NIST SP 800-53 R4 SC-7 (4) Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Management ports of virtual machines should be protected with just-in-time network access control | Possible network Just In Time (JIT) access will be monitored by Azure Security Center as recommendations | AuditIfNotExists, Disabled | 1.0.1 |
| Microsoft Managed Control 1626 - Boundary Protection \| External Telecommunications Services | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Microsoft Managed Control 1627 - Boundary Protection \| External Telecommunications Services | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Microsoft Managed Control 1628 - Boundary Protection \| External Telecommunications Services | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Microsoft Managed Control 1629 - Boundary Protection \| External Telecommunications Services | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Microsoft Managed Control 1630 - Boundary Protection \| External Telecommunications Services | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Boundary Protection | Deny by Default / Allow by Exception

ID: NIST SP 800-53 R4 SC-7 (5) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1631 - Boundary Protection \| Deny By Default / Allow By Exception | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Boundary Protection | Prevent Split Tunneling for Remote Devices

ID: NIST SP 800-53 R4 SC-7 (7) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1632 - Boundary Protection \| Prevent Split Tunneling For Remote Devices | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Boundary Protection | Route Traffic to Authenticated Proxy Servers

ID: NIST SP 800-53 R4 SC-7 (8) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1633 - Boundary Protection \| Route Traffic To Authenticated Proxy Servers | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Boundary Protection | Prevent Unauthorized Exfiltration

ID: NIST SP 800-53 R4 SC-7 (10) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1634 - Boundary Protection \| Prevent Unauthorized Exfiltration | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Boundary Protection | Host-Based Protection

ID: NIST SP 800-53 R4 SC-7 (12) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1635 - Boundary Protection \| Host-Based Protection | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Boundary Protection | Isolation of Security Tools / Mechanisms / Support Components

ID: NIST SP 800-53 R4 SC-7 (13) Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1636 - Boundary Protection \| Isolation Of Security Tools / Mechanisms / Support Components | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Boundary Protection | Fail Secure

ID: NIST SP 800-53 R4 SC-7 (18) Ownership: Microsoft

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1637 - Boundary Protection \| Fail Secure | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Boundary Protection | Dynamic Isolation / Segregation

ID: NIST SP 800-53 R4 SC-7 (20) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1638 - Boundary Protection \| Dynamic Isolation / Segregation | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Boundary Protection | Isolation of Information System Components

ID: NIST SP 800-53 R4 SC-7 (21) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1639 - Boundary Protection \| Isolation Of Information System Components | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Transmission Confidentiality and Integrity

ID: NIST SP 800-53 R4 SC-8 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1640 - Transmission Confidentiality And Integrity | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection

ID: NIST SP 800-53 R4 SC-8 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| API App should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Audit, Disabled | 1.0.0 |
| Deploy prerequisites to audit Windows web servers that are not using secure communication protocols | This policy creates a Guest Configuration assignment to audit Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). It also creates a system-assigned managed identity and deploys the VM extension for Guest Configuration. This policy should only be used along with its corresponding audit policy in an initiative. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol | deployIfNotExists | 1.2.0 |
| Function App should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Audit, Disabled | 1.0.0 |
| Microsoft Managed Control 1641 - Transmission Confidentiality And Integrity \| Cryptographic Or Alternate Physical Protection | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Only secure connections to your Azure Cache for Redis should be enabled | Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking | Audit, Deny, Disabled | 1.0.0 |
| Secure transfer to storage accounts should be enabled | Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking | Audit, Deny, Disabled | 2.0.0 |
| Show audit results from Windows web servers that are not using secure communication protocols | This policy should only be used along with its corresponding deploy policy in an initiative. This definition allows Azure Policy to process the results of auditing Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol | auditIfNotExists | 1.0.0 |
| Web Application should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Audit, Disabled | 1.0.0 |

Network Disconnect

ID: NIST SP 800-53 R4 SC-10 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1642 - Network Disconnect | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Cryptographic Key Establishment and Management

ID: NIST SP 800-53 R4 SC-12 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1643 - Cryptographic Key Establishment And Management | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Cryptographic Key Establishment and Management | Availability

ID: NIST SP 800-53 R4 SC-12 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1644 - Cryptographic Key Establishment And Management \| Availability | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Cryptographic Key Establishment and Management | Symmetric Keys

ID: NIST SP 800-53 R4 SC-12 (2) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1645 - Cryptographic Key Establishment And Management \| Symmetric Keys | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Cryptographic Key Establishment and Management | Asymmetric Keys

ID: NIST SP 800-53 R4 SC-12 (3) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1646 - Cryptographic Key Establishment And Management \| Asymmetric Keys | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Cryptographic Protection

ID: NIST SP 800-53 R4 SC-13 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1647 - Cryptographic Protection | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Collaborative Computing Devices

ID: NIST SP 800-53 R4 SC-15 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1648 - Collaborative Computing Devices | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Microsoft Managed Control 1649 - Collaborative Computing Devices | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Public Key Infrastructure Certificates

ID: NIST SP 800-53 R4 SC-17 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1650 - Public Key Infrastructure Certificates | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Mobile Code

ID: NIST SP 800-53 R4 SC-18 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1651 - Mobile Code | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Microsoft Managed Control 1652 - Mobile Code | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Microsoft Managed Control 1653 - Mobile Code | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Voice Over Internet Protocol

ID: NIST SP 800-53 R4 SC-19 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1654 - Voice Over Internet Protocol | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Microsoft Managed Control 1655 - Voice Over Internet Protocol | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Secure Name / Address Resolution Service (Authoritative Source)

ID: NIST SP 800-53 R4 SC-20 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1656 - Secure Name / Address Resolution Service (Authoritative Source) | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Microsoft Managed Control 1657 - Secure Name / Address Resolution Service (Authoritative Source) | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Secure Name / Address Resolution Service (Recursive or Caching Resolver)

ID: NIST SP 800-53 R4 SC-21 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1658 - Secure Name / Address Resolution Service (Recursive Or Caching Resolver) | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Architecture and Provisioning for Name / Address Resolution Service

ID: NIST SP 800-53 R4 SC-22 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution Service | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Session Authenticity

ID: NIST SP 800-53 R4 SC-23 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1660 - Session Authenticity | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Session Authenticity | Invalidate Session Identifiers at Logout

ID: NIST SP 800-53 R4 SC-23 (1) Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1661 - Session Authenticity \| Invalidate Session Identifiers At Logout | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Fail in Known State

ID: NIST SP 800-53 R4 SC-24 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1662 - Fail In Known State | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Protection of Information at Rest

ID: NIST SP 800-53 R4 SC-28 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1663 - Protection Of Information At Rest | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

Protection of Information at Rest | Cryptographic Protection

ID: NIST SP 800-53 R4 SC-28 (1) Ownership: Customer

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Advanced data security should be enabled on SQL Managed Instance | Audit each SQL Managed Instance without advanced data security. | AuditIfNotExists, Disabled | 1.0.1 |
| Advanced data security should be enabled on your SQL servers | Audit SQL servers without Advanced Data Security | AuditIfNotExists, Disabled | 1.0.0 |
| Disk encryption should be applied on virtual machines | VMs without an enabled disk encryption will be monitored by Azure Security Center as recommendations | AuditIfNotExists, Disabled | 1.0.0 |
| Microsoft Managed Control 1664 - Protection Of Information At Rest \| Cryptographic Protection | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |
| Transparent Data Encryption on SQL databases should be enabled | Transparent data encryption should be enabled to protect data-at-rest and meet compliance requirements | AuditIfNotExists, Disabled | 1.0.0 |

Process Isolation

ID: NIST SP 800-53 R4 SC-39 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1665 - Process Isolation | Microsoft implements this System and Communications Protection control | audit | 1.0.0 |

System and Information Integrity

System and Information Integrity Policy and Procedures

ID: NIST SP 800-53 R4 SI-1 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1666 - System And Information Integrity Policy And Procedures | Microsoft implements this System and Information Integrity control | audit | 1.0.0 |
| Microsoft Managed Control 1667 - System And Information Integrity Policy And Procedures | Microsoft implements this System and Information Integrity control | audit | 1.0.0 |

Flaw Remediation

ID: NIST SP 800-53 R4 SI-2 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Microsoft Managed Control 1668 - Flaw Remediation | Microsoft implements this System and Information Integrity control | audit | 1.0.0 |
| Microsoft Managed Control 1669 - Flaw Remediation | Microsoft implements this System and Information Integrity control | audit | 1.0.0 |
| Microsoft Managed Control 1670 - Flaw Remediation | Microsoft implements this System and Information Integrity control | audit | 1.0.0 |
| Microsoft Managed Control 1671 - Flaw Remediation | Microsoft implements this System and Information Integrity control | audit | 1.0.0 |
| System updates on virtual machine scale sets should be installed | Audit whether there are any missing system security updates and critical updates that should be installed to ensure that your Windows and Linux virtual machine scale sets are secure. | AuditIfNotExists, Disabled | 1.0.0 |
| System updates should be installed on your machines | Missing security system updates on your servers will be monitored by Azure Security Center as recommendations | AuditIfNotExists, Disabled | 1.0.0 |
| Vulnerabilities in security configuration on your machines should be remediated | Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations | AuditIfNotExists, Disabled | 1.0.0 |
| Vulnerabilities in security configuration on your virtual machine scale sets should be remediated | Audit the OS vulnerabilities on your virtual machine scale sets to protect them from attacks. | AuditIfNotExists, Disabled | 1.0.0 |
| Vulnerabilities on your SQL databases should be remediated | Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities. | AuditIfNotExists, Disabled | 1.0.0 |
| Vulnerabilities should be remediated by a Vulnerability Assessment solution | Monitors vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations. | AuditIfNotExists, Disabled | 1.0.0 |

Flaw Remediation | Central Management

ID: NIST SP 800-53 R4 SI-2 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1672 - Flaw Remediation | Central Management Microsoft implements this System and Information Integrity control audit 1.0.0

Flaw Remediation | Automated Flaw Remediation Status

ID: NIST SP 800-53 R4 SI-2 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1673 - Flaw Remediation | Automated Flaw Remediation Status Microsoft implements this System and Information Integrity control audit 1.0.0

Flaw Remediation | Time to Remediate Flaws / Benchmarks for Corrective Actions

ID: NIST SP 800-53 R4 SI-2 (3) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1674 - Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1675 - Flaw Remediation | Time To Remediate Flaws / Benchmarks For Corrective Actions Microsoft implements this System and Information Integrity control audit 1.0.0

Malicious Code Protection

ID: NIST SP 800-53 R4 SI-3 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Endpoint protection solution should be installed on virtual machine scale sets Audit the existence and health of an endpoint protection solution on your virtual machine scale sets, to protect them from threats and vulnerabilities. AuditIfNotExists, Disabled 1.0.0
Microsoft Managed Control 1676 - Malicious Code Protection Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1677 - Malicious Code Protection Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1678 - Malicious Code Protection Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1679 - Malicious Code Protection Microsoft implements this System and Information Integrity control audit 1.0.0
Monitor missing Endpoint Protection in Azure Security Center Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations AuditIfNotExists, Disabled 1.0.0

Malicious Code Protection | Central Management

ID: NIST SP 800-53 R4 SI-3 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Endpoint protection solution should be installed on virtual machine scale sets Audit the existence and health of an endpoint protection solution on your virtual machine scale sets, to protect them from threats and vulnerabilities. AuditIfNotExists, Disabled 1.0.0
Microsoft Managed Control 1680 - Malicious Code Protection | Central Management Microsoft implements this System and Information Integrity control audit 1.0.0
Monitor missing Endpoint Protection in Azure Security Center Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations AuditIfNotExists, Disabled 1.0.0

Malicious Code Protection | Automatic Updates

ID: NIST SP 800-53 R4 SI-3 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1681 - Malicious Code Protection | Automatic Updates Microsoft implements this System and Information Integrity control audit 1.0.0

Malicious Code Protection | Nonsignature-Based Detection

ID: NIST SP 800-53 R4 SI-3 (7) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1682 - Malicious Code Protection | Nonsignature-Based Detection Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring

ID: NIST SP 800-53 R4 SI-4 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. auditIfNotExists 1.0.0-preview
Advanced data security should be enabled on SQL Managed Instance Audit each SQL Managed Instance without advanced data security. AuditIfNotExists, Disabled 1.0.1
Advanced data security should be enabled on your SQL servers Audit SQL servers without Advanced Data Security AuditIfNotExists, Disabled 1.0.0
Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted Reports virtual machine scale sets as non-compliant if the VM Image (OS) is not in the list defined and the agent is not installed. The list of OS images will be updated over time as support is updated. auditIfNotExists 1.0.1
Audit Log Analytics workspace for VM - Report Mismatch Reports VMs as non-compliant if they aren't logging to the Log Analytics workspace specified in the policy/initiative assignment. audit 1.0.1
Microsoft Managed Control 1683 - Information System Monitoring Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1684 - Information System Monitoring Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1685 - Information System Monitoring Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1686 - Information System Monitoring Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1687 - Information System Monitoring Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1688 - Information System Monitoring Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1689 - Information System Monitoring Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring | System-Wide Intrusion Detection System

ID: NIST SP 800-53 R4 SI-4 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1690 - Information System Monitoring | System-Wide Intrusion Detection System Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring | Automated Tools for Real-Time Analysis

ID: NIST SP 800-53 R4 SI-4 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1691 - Information System Monitoring | Automated Tools For Real-Time Analysis Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring | Inbound and Outbound Communications Traffic

ID: NIST SP 800-53 R4 SI-4 (4) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1692 - Information System Monitoring | Inbound And Outbound Communications Traffic Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring | System-Generated Alerts

ID: NIST SP 800-53 R4 SI-4 (5) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1693 - Information System Monitoring | System-Generated Alerts Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring | Analyze Communications Traffic Anomalies

ID: NIST SP 800-53 R4 SI-4 (11) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1694 - Information System Monitoring | Analyze Communications Traffic Anomalies Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring | Wireless Intrusion Detection

ID: NIST SP 800-53 R4 SI-4 (14) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1695 - Information System Monitoring | Wireless Intrusion Detection Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring | Correlate Monitoring Information

ID: NIST SP 800-53 R4 SI-4 (16) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1696 - Information System Monitoring | Correlate Monitoring Information Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring | Analyze Traffic / Covert Exfiltration

ID: NIST SP 800-53 R4 SI-4 (18) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1697 - Information System Monitoring | Analyze Traffic / Covert Exfiltration Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring | Individuals Posing Greater Risk

ID: NIST SP 800-53 R4 SI-4 (19) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1698 - Information System Monitoring | Individuals Posing Greater Risk Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring | Privileged Users

ID: NIST SP 800-53 R4 SI-4 (20) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1699 - Information System Monitoring | Privileged Users Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring | Unauthorized Network Services

ID: NIST SP 800-53 R4 SI-4 (22) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1700 - Information System Monitoring | Unauthorized Network Services Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring | Host-Based Devices

ID: NIST SP 800-53 R4 SI-4 (23) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1701 - Information System Monitoring | Host-Based Devices Microsoft implements this System and Information Integrity control audit 1.0.0

Information System Monitoring | Indicators of Compromise

ID: NIST SP 800-53 R4 SI-4 (24) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1702 - Information System Monitoring | Indicators Of Compromise Microsoft implements this System and Information Integrity control audit 1.0.0

Security Alerts, Advisories, and Directives

ID: NIST SP 800-53 R4 SI-5 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1703 - Security Alerts, Advisories, And Directives Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1704 - Security Alerts, Advisories, And Directives Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1705 - Security Alerts, Advisories, And Directives Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1706 - Security Alerts, Advisories, And Directives Microsoft implements this System and Information Integrity control audit 1.0.0

Security Alerts, Advisories, and Directives | Automated Alerts and Advisories

ID: NIST SP 800-53 R4 SI-5 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1707 - Security Alerts, Advisories, And Directives | Automated Alerts And Advisories Microsoft implements this System and Information Integrity control audit 1.0.0

Security Function Verification

ID: NIST SP 800-53 R4 SI-6 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1708 - Security Function Verification Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1709 - Security Function Verification Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1710 - Security Function Verification Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1711 - Security Function Verification Microsoft implements this System and Information Integrity control audit 1.0.0

Software, Firmware, and Information Integrity

ID: NIST SP 800-53 R4 SI-7 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1712 - Software, Firmware, And Information Integrity Microsoft implements this System and Information Integrity control audit 1.0.0

Software, Firmware, and Information Integrity | Integrity Checks

ID: NIST SP 800-53 R4 SI-7 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1713 - Software, Firmware, And Information Integrity | Integrity Checks Microsoft implements this System and Information Integrity control audit 1.0.0

Software, Firmware, and Information Integrity | Automated Notifications of Integrity Violations

ID: NIST SP 800-53 R4 SI-7 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1714 - Software, Firmware, And Information Integrity | Automated Notifications Of Integrity Violations Microsoft implements this System and Information Integrity control audit 1.0.0

Software, Firmware, and Information Integrity | Automated Response to Integrity Violations

ID: NIST SP 800-53 R4 SI-7 (5) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1715 - Software, Firmware, And Information Integrity | Automated Response To Integrity Violations Microsoft implements this System and Information Integrity control audit 1.0.0

Software, Firmware, and Information Integrity | Integration of Detection and Response

ID: NIST SP 800-53 R4 SI-7 (7) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1716 - Software, Firmware, And Information Integrity | Integration Of Detection And Response Microsoft implements this System and Information Integrity control audit 1.0.0

Software, Firmware, and Information Integrity | Binary or Machine Executable Code

ID: NIST SP 800-53 R4 SI-7 (14) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1717 - Software, Firmware, And Information Integrity | Binary Or Machine Executable Code Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1718 - Software, Firmware, And Information Integrity | Binary Or Machine Executable Code Microsoft implements this System and Information Integrity control audit 1.0.0

Spam Protection

ID: NIST SP 800-53 R4 SI-8 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1719 - Spam Protection Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1720 - Spam Protection Microsoft implements this System and Information Integrity control audit 1.0.0

Spam Protection | Central Management

ID: NIST SP 800-53 R4 SI-8 (1) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1721 - Spam Protection | Central Management Microsoft implements this System and Information Integrity control audit 1.0.0

Spam Protection | Automatic Updates

ID: NIST SP 800-53 R4 SI-8 (2) Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1722 - Spam Protection | Automatic Updates Microsoft implements this System and Information Integrity control audit 1.0.0

Information Input Validation

ID: NIST SP 800-53 R4 SI-10 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1723 - Information Input Validation Microsoft implements this System and Information Integrity control audit 1.0.0

Error Handling

ID: NIST SP 800-53 R4 SI-11 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1724 - Error Handling Microsoft implements this System and Information Integrity control audit 1.0.0
Microsoft Managed Control 1725 - Error Handling Microsoft implements this System and Information Integrity control audit 1.0.0

Information Handling and Retention

ID: NIST SP 800-53 R4 SI-12 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1726 - Information Handling And Retention Microsoft implements this System and Information Integrity control audit 1.0.0

Memory Protection

ID: NIST SP 800-53 R4 SI-16 Ownership: Shared

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Microsoft Managed Control 1727 - Memory Protection Microsoft implements this System and Information Integrity control audit 1.0.0

Note

Availability of specific Azure Policy definitions may vary in Azure Government and other national clouds.

Next steps

Additional articles about Azure Policy: