diff --git a/built-in-policies/policyDefinitions/Azure Government/Kubernetes/MutateRunAsNonRootInitContainers_Mutate.json b/built-in-policies/policyDefinitions/Azure Government/Kubernetes/MutateRunAsNonRootInitContainers_Mutate.json
new file mode 100644
index 000000000..570104222
--- /dev/null
+++ b/built-in-policies/policyDefinitions/Azure Government/Kubernetes/MutateRunAsNonRootInitContainers_Mutate.json
@@ -0,0 +1,76 @@
+{
+ "properties": {
+ "displayName": "[Preview]: Prevents init containers from being ran as root by setting runAsNotRoot to true.",
+ "policyType": "BuiltIn",
+ "mode": "Microsoft.Kubernetes.Data",
+ "description": "Setting runAsNotRoot to true increases security by preventing containers from being ran as root.",
+ "metadata": {
+ "version": "1.0.0-preview",
+ "category": "Kubernetes",
+ "preview": true
+ },
+ "version": "1.0.0-preview",
+ "parameters": {
+ "source": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Source",
+ "description": "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
+ },
+ "defaultValue": "Original",
+ "allowedValues": [
+ "All",
+ "Generated",
+ "Original"
+ ]
+ },
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "'Mutate' modifies a non-compliant resource to be compliant when creating or updating. 'Disabled' turns off the policy.",
+ "portalReview": true
+ },
+ "allowedValues": [
+ "Mutate",
+ "Disabled"
+ ],
+ "defaultValue": "Mutate"
+ },
+ "excludedNamespaces": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Namespace exclusions",
+ "description": "List of Kubernetes namespaces to exclude from policy evaluation."
+ },
+ "defaultValue": [
+ "kube-system",
+ "gatekeeper-system",
+ "azure-arc"
+ ]
+ }
+ },
+ "policyRule": {
+ "if": {
+ "field": "type",
+ "equals": "Microsoft.ContainerService/managedClusters"
+ },
+ "then": {
+ "effect": "[parameters('effect')]",
+ "details": {
+ "source": "[parameters('source')]",
+ "mutationInfo": {
+ "sourceType": "PublicURL",
+ "url": "https://store.policy.azure.us/kubernetes/mutate-run-as-non-root-initContainers/v1/mutation.yaml"
+ },
+ "excludedNamespaces": "[parameters('excludedNamespaces')]"
+ }
+ }
+ },
+ "versions": [
+ "1.0.0-PREVIEW"
+ ]
+ },
+ "id": "/providers/Microsoft.Authorization/policyDefinitions/fed6510d-00b9-40db-a347-933125a6a327",
+ "name": "fed6510d-00b9-40db-a347-933125a6a327"
+}
\ No newline at end of file
diff --git a/built-in-policies/policyDefinitions/Azure Government/Kubernetes/MutateRunAsNonRoot_Mutate.json b/built-in-policies/policyDefinitions/Azure Government/Kubernetes/MutateRunAsNonRoot_Mutate.json
new file mode 100644
index 000000000..34804192a
--- /dev/null
+++ b/built-in-policies/policyDefinitions/Azure Government/Kubernetes/MutateRunAsNonRoot_Mutate.json
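Review bot: The `displayName` and `description` call the field `runAsNotRoot`, but the Kubernetes `securityContext` field is `runAsNonRoot` (the spelling the file name and mutation URL already use), so an operator searching manifests or documentation for the documented name will not find it. The description of this init-container definition also speaks only of "containers", and neither string says that the setting changes no UID: assuming the referenced mutation.yaml sets that field, the kubelet refuses to start a container whose image would run as UID 0, so workloads built to run as root fail at start instead of being demoted. I would reword to `"description": "Sets securityContext.runAsNonRoot to true on init containers. The kubelet then refuses to start any init container whose image would run as UID 0, so audit images before assigning."` and correct the spelling in `displayName`. The same wording appears in the three other new Mutate definitions in this commit (the Azure Government `MutateRunAsNonRoot_Mutate.json` and both copies under `policyDefinitions/Kubernetes/`).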
@@ -0,0 +1,76 @@
+{
+ "properties": {
+ "displayName": "[Preview]: Prevents containers from being ran as root by setting runAsNotRoot to true.",
+ "policyType": "BuiltIn",
+ "mode": "Microsoft.Kubernetes.Data",
+ "description": "Setting runAsNotRoot to true increases security by preventing containers from being ran as root.",
+ "metadata": {
+ "version": "1.0.0-preview",
+ "category": "Kubernetes",
+ "preview": true
+ },
+ "version": "1.0.0-preview",
+ "parameters": {
+ "source": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Source",
+ "description": "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
+ },
+ "defaultValue": "Original",
+ "allowedValues": [
+ "All",
+ "Generated",
+ "Original"
+ ]
+ },
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "'Mutate' modifies a non-compliant resource to be compliant when creating or updating. 'Disabled' turns off the policy.",
+ "portalReview": true
+ },
+ "allowedValues": [
+ "Mutate",
+ "Disabled"
+ ],
+ "defaultValue": "Mutate"
+ },
+ "excludedNamespaces": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Namespace exclusions",
+ "description": "List of Kubernetes namespaces to exclude from policy evaluation."
+ }, + "defaultValue": [ + "kube-system", + "gatekeeper-system", + "azure-arc" + ] + } + }, + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.ContainerService/managedClusters" + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "source": "[parameters('source')]", + "mutationInfo": { + "sourceType": "PublicURL", + "url": "https://store.policy.azure.us/kubernetes/mutate-run-as-non-root/v1/mutation.yaml" + }, + "excludedNamespaces": "[parameters('excludedNamespaces')]" + } + } + }, + "versions": [ + "1.0.0-PREVIEW" + ] + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/2fe7ba7d-f670-41f5-8b70-b61dc7dfbe18", + "name": "2fe7ba7d-f670-41f5-8b70-b61dc7dfbe18" +} \ No newline at end of file diff --git a/built-in-policies/policyDefinitions/Kubernetes/AKS_Maintenance_DINE.json b/built-in-policies/policyDefinitions/Kubernetes/AKS_Maintenance_DINE.json index 4c517df35..eb21ec562 100644 --- a/built-in-policies/policyDefinitions/Kubernetes/AKS_Maintenance_DINE.json +++ b/built-in-policies/policyDefinitions/Kubernetes/AKS_Maintenance_DINE.json @@ -4,10 +4,10 @@ "displayName": "Deploy Planned Maintenance to schedule and control upgrades for your Azure Kubernetes Service (AKS) cluster", "description": "Planned Maintenance allows you to schedule weekly maintenance windows to perform updates and minimize workload impact. Once scheduled, upgrades occur only during the window you selected. Learn more at: https://aka.ms/aks/planned-maintenance", "metadata": { - "version": "1.0.0", + "version": "1.1.0", "category": "Kubernetes" }, - "version": "1.0.0", + "version": "1.1.0", "mode": "Indexed", "parameters": { "effect": { 
@@ -281,7 +281,7 @@ "resources": [ { "type": "Microsoft.ContainerService/managedClusters/maintenanceConfigurations", - "apiVersion": "2022-10-02-preview", + "apiVersion": "2024-02-01", "name": "[concat(parameters('clusterName'), '/', parameters('configurationType'))]", "properties": "[parameters('maintenanceWindow').properties]" } @@ -304,6 +304,7 @@ } }, "versions": [ + "1.1.0", "1.0.0" ] }, diff --git a/built-in-policies/policyDefinitions/Kubernetes/MutateRunAsNonRootInitContainers_Mutate.json b/built-in-policies/policyDefinitions/Kubernetes/MutateRunAsNonRootInitContainers_Mutate.json new file mode 100644 index 000000000..0c50fc7d2 --- /dev/null +++ b/built-in-policies/policyDefinitions/Kubernetes/MutateRunAsNonRootInitContainers_Mutate.json 
@@ -0,0 +1,76 @@
+{
+ "properties": {
+ "displayName": "[Preview]: Prevents init containers from being ran as root by setting runAsNotRoot to true.",
+ "policyType": "BuiltIn",
+ "mode": "Microsoft.Kubernetes.Data",
+ "description": "Setting runAsNotRoot to true increases security by preventing containers from being ran as root.",
+ "metadata": {
+ "version": "1.0.0-preview",
+ "category": "Kubernetes",
+ "preview": true
+ },
+ "version": "1.0.0-preview",
+ "parameters": {
+ "source": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Source",
+ "description": "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
+ },
+ "defaultValue": "Original",
+ "allowedValues": [
+ "All",
+ "Generated",
+ "Original"
+ ]
+ },
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "'Mutate' modifies a non-compliant resource to be compliant when creating or updating. 'Disabled' turns off the policy.",
+ "portalReview": true
+ },
+ "allowedValues": [
+ "Mutate",
+ "Disabled"
+ ],
+ "defaultValue": "Mutate"
+ },
+ "excludedNamespaces": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Namespace exclusions",
+ "description": "List of Kubernetes namespaces to exclude from policy evaluation."
+ },
+ "defaultValue": [
+ "kube-system",
+ "gatekeeper-system",
+ "azure-arc"
+ ]
+ }
+ },
+ "policyRule": {
+ "if": {
+ "field": "type",
+ "equals": "Microsoft.ContainerService/managedClusters"
+ },
+ "then": {
+ "effect": "[parameters('effect')]",
+ "details": {
+ "source": "[parameters('source')]",
+ "mutationInfo": {
+ "sourceType": "PublicURL",
+ "url": "https://store.policy.core.windows.net/kubernetes/mutate-run-as-non-root-initContainers/v1/mutation.yaml"
+ },
+ "excludedNamespaces": "[parameters('excludedNamespaces')]"
+ }
+ }
+ },
+ "versions": [
+ "1.0.0-PREVIEW"
+ ]
+ },
+ "id": "/providers/Microsoft.Authorization/policyDefinitions/fed6510d-00b9-40db-a347-933125a6a327",
+ "name": "fed6510d-00b9-40db-a347-933125a6a327"
+}
\ No newline at end of file
diff --git a/built-in-policies/policyDefinitions/Kubernetes/MutateRunAsNonRoot_Mutate.json b/built-in-policies/policyDefinitions/Kubernetes/MutateRunAsNonRoot_Mutate.json
new file mode 100644
index 000000000..df8ac5269
--- /dev/null
+++ b/built-in-policies/policyDefinitions/Kubernetes/MutateRunAsNonRoot_Mutate.json
@@ -0,0 +1,76 @@
+{
+ "properties": {
+ "displayName": "[Preview]: Prevents containers from being ran as root by setting runAsNotRoot to true.",
+ "policyType": "BuiltIn",
+ "mode": "Microsoft.Kubernetes.Data",
+ "description": "Setting runAsNotRoot to true increases security by preventing containers from being ran as root.",
+ "metadata": {
+ "version": "1.0.0-preview",
+ "category": "Kubernetes",
+ "preview": true
+ },
+ "version": "1.0.0-preview",
+ "parameters": {
+ "source": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Source",
+ "description": "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
+ },
+ "defaultValue": "Original",
+ "allowedValues": [
+ "All",
+ "Generated",
+ "Original"
+ ]
+ },
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "'Mutate' modifies a non-compliant resource to be compliant when creating or updating. 'Disabled' turns off the policy.",
+ "portalReview": true
+ },
+ "allowedValues": [
+ "Mutate",
+ "Disabled"
+ ],
+ "defaultValue": "Mutate"
+ },
+ "excludedNamespaces": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Namespace exclusions",
+ "description": "List of Kubernetes namespaces to exclude from policy evaluation."
+ },
+ "defaultValue": [
+ "kube-system",
+ "gatekeeper-system",
+ "azure-arc"
+ ]
+ }
+ },
+ "policyRule": {
+ "if": {
+ "field": "type",
+ "equals": "Microsoft.ContainerService/managedClusters"
+ },
+ "then": {
+ "effect": "[parameters('effect')]",
+ "details": {
+ "source": "[parameters('source')]",
+ "mutationInfo": {
+ "sourceType": "PublicURL",
+ "url": "https://store.policy.core.windows.net/kubernetes/mutate-run-as-non-root/v1/mutation.yaml"
+ },
+ "excludedNamespaces": "[parameters('excludedNamespaces')]"
+ }
+ }
+ },
+ "versions": [
+ "1.0.0-PREVIEW"
+ ]
+ },
+ "id": "/providers/Microsoft.Authorization/policyDefinitions/2fe7ba7d-f670-41f5-8b70-b61dc7dfbe18",
+ "name": "2fe7ba7d-f670-41f5-8b70-b61dc7dfbe18"
+}
\ No newline at end of file
diff --git a/built-in-policies/policyDefinitions/Security Center/ASC_Azure_Defender_AI_Full_Features_DINE.json b/built-in-policies/policyDefinitions/Security Center/ASC_Azure_Defender_AI_Full_Features_DINE.json
new file mode 100644
index 000000000..5f6ae7bcf
--- /dev/null
+++ b/built-in-policies/policyDefinitions/Security Center/ASC_Azure_Defender_AI_Full_Features_DINE.json
@@ -0,0 +1,124 @@
+{
+ "properties": {
+ "displayName": "Configure Microsoft Defender threat protection for AI workloads",
+ "policyType": "BuiltIn",
+ "mode": "All",
+ "description": "New capabilities are continuously being added to threat protection for AI workloads, which may require the user's explicit enablement. Use this policy to make sure all new capabilities will be enabled.",
+ "metadata": {
+ "version": "1.0.0",
+ "category": "Security Center"
+ },
+ "version": "1.0.0",
+ "parameters": {
+ "effect": {
+ "type": "string",
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ]
+ },
+ "isAIPromptEvidenceEnabled": {
+ "type": "String",
+ "metadata": {
+ "displayName": "AI Prompt Evidence Enabled",
+ "description": "Controls the AI prompt evidence feature, which exposes the prompts passed between the user and the model for deeper analysis of AI-related alerts. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. While sensitive data or secrets are redacted, customer conversations may be deemed sensitive in nature. The evidence will be available through the Defender portal as part of each alert."
+ },
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "field": "type",
+ "equals": "Microsoft.Resources/subscriptions"
+ },
+ "then": {
+ "effect": "[parameters('effect')]",
+ "details": {
+ "type": "Microsoft.Security/pricings",
+ "name": "AI",
+ "deploymentScope": "subscription",
+ "existenceScope": "subscription",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
+ ],
+ "existenceCondition": {
+ "allOf": [
+ {
+ "field": "Microsoft.Security/pricings/pricingTier",
+ "equals": "Standard"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Security/pricings/extensions[*]",
+ "where": {
+ "allOf": [
+ {
+ "field": "Microsoft.Security/pricings/extensions[*].name",
+ "equals": "AIPromptEvidence"
+ },
+ {
+ "field": "Microsoft.Security/pricings/extensions[*].isEnabled",
+ "equals": "[parameters('isAIPromptEvidenceEnabled')]"
+ }
+ ]
+ }
+ },
+ "equals": 1
+ }
+ ]
+ },
+ "deployment": {
+ "location": "westeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "isAIPromptEvidenceEnabled": {
+ "value": "[parameters('isAIPromptEvidenceEnabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "isAIPromptEvidenceEnabled": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Security/pricings",
+ "apiVersion": "2023-01-01",
+ "name": "AI",
+ "properties": {
+ "pricingTier": "Standard",
+ "extensions": [
+ {
+ "name": "AIPromptEvidence",
+ "isEnabled": "[parameters('isAIPromptEvidenceEnabled')]"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
+ },
+ "versions": [
+ "1.0.0"
+ ]
+ },
+ "id": "/providers/Microsoft.Authorization/policyDefinitions/359a48a3-351a-4618-bb32-f1628645694b",
+ "name": "359a48a3-351a-4618-bb32-f1628645694b"
+}
\ No newline at end of file
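Review bot: `roleDefinitionIds` gives the remediation identity role `8e3af657-a8ff-443c-a75c-2fe8c4bcb635`, which is the built-in Owner role, at subscription scope, while the deployment template only writes a single `Microsoft.Security/pricings` resource. If a narrower built-in role that can write `Microsoft.Security/pricings` and create subscription-level deployments is sufficient (Security Admin is the usual candidate; confirm against the role's actions), it should replace Owner so the managed identity created at assignment cannot also change role assignments. Separately, `isAIPromptEvidenceEnabled` has `"defaultValue": "true"`, so an assignment left at defaults turns on prompt-snippet capture that the parameter's own description calls potentially sensitive. The description should state that default explicitly so the choice is made consciously at assignment time.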
diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_1_0.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_1_0.json index 21f277905..3a91227f0 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_1_0.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_1_0.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.1.0 controls. For more information, visit https://aka.ms/cisazure110-initiative", "metadata": { - "version": "15.5.0", + "version": "15.6.0", "category": "Regulatory Compliance" }, - "version": "15.5.0", + "version": "15.6.0", "policyDefinitionGroups": [ { "name": "CIS_Azure_1.1.0_1.1", @@ -589,15 +589,6 @@ "CIS_Azure_1.1.0_2.1" ] }, - { - "policyDefinitionReferenceId": "CISv110x2x2", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "CIS_Azure_1.1.0_2.2" - ] - }, { "policyDefinitionReferenceId": "CISv110x2x3CISv110x7x5", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", 
@@ -644,15 +635,6 @@ "CIS_Azure_1.1.0_2.12" ] }, - { - "policyDefinitionReferenceId": "CISv110x2x13", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "CIS_Azure_1.1.0_2.13" - ] - }, { "policyDefinitionReferenceId": "CISv110x2x14CISv110x4x1", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9", @@ -1173,6 +1155,7 @@ } ], "versions": [ + "15.6.0", "15.5.0", "15.4.0", "15.3.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_3_0.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_3_0.json index d9252d45d..1fa50cbe6 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_3_0.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_3_0.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.3.0 controls. For more information, visit https://aka.ms/cisazure130-initiative", "metadata": { - "version": "7.7.0", + "version": "7.8.0", "category": "Regulatory Compliance" }, - "version": "7.7.0", + "version": "7.8.0", "policyDefinitionGroups": [ { "name": "CIS_Azure_1.3.0_1.1", 
@@ -694,14 +694,15 @@ }, "effect-475aae12-b88a-4572-8b36-9b712b2b3a17": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Auto provisioning of the Log Analytics agent should be enabled on your subscription", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7": { @@ -1984,19 +1985,6 @@ "CIS_Azure_1.3.0_2.7" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-475aae12-b88a-4572-8b36-9b712b2b3a17')]" - } - }, - "groupNames": [ - "CIS_Azure_1.3.0_2.11" - ] - }, { "policyDefinitionReferenceId": "4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", @@ -2874,6 +2862,7 @@ } ], "versions": [ + "7.8.0", "7.7.0", "7.6.0", "7.5.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_2_0_L2.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_2_0_L2.json index 96dd4f95b..0f970fab8 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_2_0_L2.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_2_0_L2.json 
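Review bot: The `effect-475aae12-b88a-4572-8b36-9b712b2b3a17` parameter is left orphaned: its policy reference is removed by a later hunk in this file (at -1984), yet `allowedValues` still offers `AuditIfNotExists` and the `displayName` is unchanged, so an assignment that sets the value explicitly keeps validating while nothing is evaluated any more for group `CIS_Azure_1.3.0_2.11`. Only `"deprecated": true` signals this, and that flag is easy to miss when assignments are reviewed as code. I would say it in the text as well, e.g. `"description": "Deprecated: the referenced policy was removed from this initiative and this parameter has no effect. For more information about effects, visit https://aka.ms/policyeffects"`. The same pattern recurs in the deprecated effect parameters of `CMMC_L3.json` and `DOD_IL4_audit.json` in this commit; teams that use these initiatives as audit evidence should check what now covers the affected controls.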
@@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of CMMC 2.0 Level 2 practices. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc2l2-initiative.", "metadata": { - "version": "1.10.0-preview", + "version": "1.11.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "1.10.0-preview", + "version": "1.11.0-preview", "policyDefinitionGroups": [ { "name": "CMMC_2.0_L2_AC.L1-3.1.1", @@ -2436,16 +2436,6 @@ "CMMC_2.0_L2_SI.L2-3.14.6" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_RA.L2-3.11.3", - "CMMC_2.0_L2_RA.L2-3.11.2" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a", "definitionVersion": "1.*.*", @@ -3049,18 +3039,6 @@ "CMMC_2.0_L2_SI.L2-3.14.7" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_AU.L2-3.3.2", - "CMMC_2.0_L2_SI.L2-3.14.7", - "CMMC_2.0_L2_AU.L2-3.3.1", - "CMMC_2.0_L2_SI.L2-3.14.6" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be", "definitionVersion": "1.*.*", 
@@ -3634,17 +3612,6 @@ "CMMC_2.0_L2_RA.L2-3.11.3" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_RA.L2-3.11.3", - "CMMC_2.0_L2_RA.L2-3.11.2", - "CMMC_2.0_L2_SI.L1-3.14.1" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3", "definitionVersion": "3.*.*", @@ -4109,18 +4076,6 @@ "CMMC_2.0_L2_CM.L2-3.4.1" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_CM.L2-3.4.6", - "CMMC_2.0_L2_CM.L2-3.4.9", - "CMMC_2.0_L2_CM.L2-3.4.7", - "CMMC_2.0_L2_CM.L2-3.4.8" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74", "definitionVersion": "1.*.*", @@ -4492,18 +4447,6 @@ "CMMC_2.0_L2_CM.L2-3.4.2" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_CM.L2-3.4.7", - "CMMC_2.0_L2_CM.L2-3.4.9", - "CMMC_2.0_L2_CM.L2-3.4.6", - "CMMC_2.0_L2_CM.L2-3.4.8" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661", "definitionVersion": "1.*.*", @@ -4840,6 +4783,7 @@ } ], "versions": [ + "1.11.0-PREVIEW", "1.10.0-PREVIEW", "1.9.0-PREVIEW", "1.8.0-PREVIEW", 
diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_L3.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_L3.json index f78c5f5a4..e25668f89 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_L3.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_L3.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of Cybersecurity Maturity Model Certification (CMMC) Level 3 requirements. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc-initiative.", "metadata": { - "version": "9.6.0", + "version": "9.7.0", "category": "Regulatory Compliance" }, - "version": "9.6.0", + "version": "9.7.0", "policyDefinitionGroups": [ { "name": "CMMC_L3_AC.1.001", @@ -678,14 +678,15 @@ }, "effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-404c3081-a854-4457-ae30-26a93ef643f9": { 
@@ -703,14 +704,15 @@ }, "effect-47a6b606-51aa-4496-8bb7-64b11cf66adc": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive application controls for defining safe applications should be enabled on your machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-496223c3-ad65-4ecd-878a-bae78737e9ed": { @@ -1372,14 +1374,15 @@ }, "effect-e8cbc669-f12d-49eb-93e7-9273119e9933": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in container security configurations should be remediated", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e": { @@ -2489,14 +2492,15 @@ }, "effect-123a3936-f020-408a-ba0c-47873faf1534": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Allowlist rules in your adaptive application control policy should be updated", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } } }, 
@@ -2646,20 +2650,6 @@ "CMMC_L3_SC.3.191" ] }, - { - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4')]" - } - }, - "groupNames": [ - "CMMC_L3_RM.2.143", - "CMMC_L3_SI.1.210" - ] - }, { "policyDefinitionReferenceId": "404c3081-a854-4457-ae30-26a93ef643f9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9", @@ -2675,24 +2665,6 @@ "CMMC_L3_SC.3.185" ] }, - { - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-47a6b606-51aa-4496-8bb7-64b11cf66adc')]" - } - }, - "groupNames": [ - "CMMC_L3_CA.2.158", - "CMMC_L3_CA.3.161", - "CMMC_L3_CM.2.061", - "CMMC_L3_CM.2.063", - "CMMC_L3_CM.3.068", - "CMMC_L3_CM.3.069" - ] - }, { "policyDefinitionReferenceId": "4f11b553-d42e-4e3a-89be-32ca364cad4c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c", 
@@ -3094,19 +3066,6 @@ "CMMC_L3_SC.3.190" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-e8cbc669-f12d-49eb-93e7-9273119e9933')]" - } - }, - "groupNames": [ - "CMMC_L3_RM.2.143" - ] - }, { "policyDefinitionReferenceId": "0cfea604-3201-4e14-88fc-fae4c427a6c5", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", @@ -4266,25 +4225,10 @@ "groupNames": [ "CMMC_L3_SC.3.181" ] - }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-123a3936-f020-408a-ba0c-47873faf1534')]" - } - }, - "groupNames": [ - "CMMC_L3_CA.2.158", - "CMMC_L3_CA.3.161", - "CMMC_L3_CM.2.063", - "CMMC_L3_CM.3.068" - ] } ], "versions": [ + "9.7.0", "9.6.0", "9.5.0", "9.4.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL4_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL4_audit.json index 8aae515fe..27176bec6 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL4_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL4_audit.json 
@@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of DoD Impact Level 4 (IL4) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/dodil4-initiative.", "metadata": { - "version": "22.10.0", + "version": "22.11.0", "category": "Regulatory Compliance" }, - "version": "22.10.0", + "version": "22.11.0", "policyDefinitionGroups": [ { "name": "DoD_IL4_R4_AC-1", @@ -3199,26 +3199,28 @@ }, "vmssOsVulnerabilitiesMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "adaptiveApplicationControlsMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive application controls for defining safe applications should be enabled on your machines", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "geoRedundancyEnabledForAzureDatabaseForPostgreSQLEffect": { 
@@ -3702,14 +3704,15 @@ }, "containerBenchmarkMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in container security configurations should be remediated", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "apiAppDisableRemoteDebuggingMonitoringEffect": { @@ -5860,23 +5863,6 @@ "DoD_IL4_R4_SI-16" ] }, - { - "policyDefinitionReferenceId": "adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('adaptiveApplicationControlsMonitoringEffect')]" - } - }, - "groupNames": [ - "DoD_IL4_R4_CM-7", - "DoD_IL4_R4_CM-7(2)", - "DoD_IL4_R4_CM-7(5)", - "DoD_IL4_R4_CM-10", - "DoD_IL4_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0", 
@@ -5965,20 +5951,6 @@ "DoD_IL4_R4_SI-4(12)" ] }, - { - "policyDefinitionReferenceId": "vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('vmssOsVulnerabilitiesMonitoringEffect')]" - } - }, - "groupNames": [ - "DoD_IL4_R4_RA-5", - "DoD_IL4_R4_SI-2" - ] - }, { "policyDefinitionReferenceId": "dDoSProtectionStandardShouldBeEnabled", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd", @@ -6088,19 +6060,6 @@ "DoD_IL4_R4_CM-6" ] }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "DoD_IL4_R4_CM-7", - "DoD_IL4_R4_CM-7(2)", - "DoD_IL4_R4_CM-7(5)", - "DoD_IL4_R4_CM-10", - "DoD_IL4_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", @@ -6547,19 +6506,6 @@ "DoD_IL4_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "vulnerabilitiesSecurityConfigurationsRemediated", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('containerBenchmarkMonitoringEffect')]" - } - }, - "groupNames": [ - "DoD_IL4_R4_RA-5" - ] - }, { "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af", 
@@ -6642,19 +6588,6 @@ "DoD_IL4_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "DoD_IL4_R4_AU-6(4)", - "DoD_IL4_R4_AU-6(5)", - "DoD_IL4_R4_AU-12", - "DoD_IL4_R4_AU-12(1)", - "DoD_IL4_R4_SI-4" - ] - }, { "policyDefinitionReferenceId": "0049a6b3-a662-4f3e-8635-39cf44ace45a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a", @@ -7100,6 +7033,7 @@ } ], "versions": [ + "22.11.0", "22.10.0", "22.9.0", "22.8.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL5_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL5_audit.json index 738ca9c7e..ed88fcb3e 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL5_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL5_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of DoD Impact Level 5 (IL5) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/dodil5-initiative.", "metadata": { - "version": "19.10.0", + "version": "19.11.0", "category": "Regulatory Compliance" }, - "version": "19.10.0", + "version": "19.11.0", "policyDefinitionGroups": [ { "name": "DoD_IL5_R4_AC-1", 
@@ -3223,26 +3223,28 @@ }, "vmssOsVulnerabilitiesMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "adaptiveApplicationControlsMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive application controls for defining safe applications should be enabled on your machines", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQLEffect": { 
@@ -3726,14 +3728,15 @@ }, "containerBenchmarkMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in container security configurations should be remediated", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "apiAppDisableRemoteDebuggingMonitoringEffect": { @@ -5884,23 +5887,6 @@ "DoD_IL5_R4_SI-16" ] }, - { - "policyDefinitionReferenceId": "adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('adaptiveApplicationControlsMonitoringEffect')]" - } - }, - "groupNames": [ - "DoD_IL5_R4_CM-7", - "DoD_IL5_R4_CM-7(2)", - "DoD_IL5_R4_CM-7(5)", - "DoD_IL5_R4_CM-10", - "DoD_IL5_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0", 
@@ -5989,20 +5975,6 @@ "DoD_IL5_R4_SI-4(12)" ] }, - { - "policyDefinitionReferenceId": "vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('vmssOsVulnerabilitiesMonitoringEffect')]" - } - }, - "groupNames": [ - "DoD_IL5_R4_RA-5", - "DoD_IL5_R4_SI-2" - ] - }, { "policyDefinitionReferenceId": "dDoSProtectionStandardShouldBeEnabled", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd", @@ -6112,19 +6084,6 @@ "DoD_IL5_R4_CM-6" ] }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "DoD_IL5_R4_CM-7", - "DoD_IL5_R4_CM-7(2)", - "DoD_IL5_R4_CM-7(5)", - "DoD_IL5_R4_CM-10", - "DoD_IL5_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", @@ -6571,19 +6530,6 @@ "DoD_IL5_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "vulnerabilitiesSecurityConfigurationsRemediated", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('containerBenchmarkMonitoringEffect')]" - } - }, - "groupNames": [ - "DoD_IL5_R4_RA-5" - ] - }, { "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af", 
@@ -6666,19 +6612,6 @@ "DoD_IL5_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "DoD_IL5_R4_AU-6(4)", - "DoD_IL5_R4_AU-6(5)", - "DoD_IL5_R4_AU-12", - "DoD_IL5_R4_AU-12(1)", - "DoD_IL5_R4_SI-4" - ] - }, { "policyDefinitionReferenceId": "0049a6b3-a662-4f3e-8635-39cf44ace45a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a", @@ -7124,6 +7057,7 @@ } ], "versions": [ + "19.11.0", "19.10.0", "19.9.0", "19.8.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_H_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_H_audit.json index 7e63fcffb..9513cc625 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_H_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_H_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "FedRAMP is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based products and services. FedRAMP defines a set of controls for Low, Moderate, or High security impact level systems based on NIST baseline controls. These policies address a subset of FedRAMP (High) controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-fedramp", "metadata": { - "version": "17.11.0", + "version": "17.12.0", "category": "Regulatory Compliance" }, - "version": "17.11.0", + "version": "17.12.0", "policyDefinitionGroups": [ { "name": "FedRAMP_High_R4_AC-1", 
@@ -4968,19 +4968,6 @@ "FedRAMP_High_R4_SI-16" ] }, - { - "policyDefinitionReferenceId": "adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_CM-7", - "FedRAMP_High_R4_CM-7(2)", - "FedRAMP_High_R4_CM-7(5)", - "FedRAMP_High_R4_CM-10", - "FedRAMP_High_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0", @@ -5063,16 +5050,6 @@ "FedRAMP_High_R4_IR-5" ] }, - { - "policyDefinitionReferenceId": "vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_RA-5", - "FedRAMP_High_R4_SI-2" - ] - }, { "policyDefinitionReferenceId": "dDoSProtectionStandardShouldBeEnabled", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd", @@ -5166,19 +5143,6 @@ "FedRAMP_High_R4_CM-6" ] }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_CM-7", - "FedRAMP_High_R4_CM-7(2)", - "FedRAMP_High_R4_CM-7(5)", - "FedRAMP_High_R4_CM-10", - "FedRAMP_High_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", 
@@ -5597,15 +5561,6 @@ "FedRAMP_High_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_RA-5" - ] - }, { "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af", @@ -5684,19 +5639,6 @@ "FedRAMP_High_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_AU-6(4)", - "FedRAMP_High_R4_AU-6(5)", - "FedRAMP_High_R4_AU-12", - "FedRAMP_High_R4_AU-12(1)", - "FedRAMP_High_R4_SI-4" - ] - }, { "policyDefinitionReferenceId": "0049a6b3-a662-4f3e-8635-39cf44ace45a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a", @@ -6123,6 +6065,7 @@ } ], "versions": [ + "17.12.0", "17.11.0", "17.10.0", "17.9.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_M_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_M_audit.json index 2f4327c5a..7d260e5bb 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_M_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_M_audit.json 
@@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "FedRAMP is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based products and services. FedRAMP defines a set of controls for Low, Moderate, or High security impact level systems based on NIST baseline controls. These policies address a subset of FedRAMP (Moderate) controls. Additional policies will be added in upcoming releases. For more information, visit https://www.fedramp.gov/documents-templates/", "metadata": { - "version": "17.10.0", + "version": "17.11.0", "category": "Regulatory Compliance" }, - "version": "17.10.0", + "version": "17.11.0", "policyDefinitionGroups": [ { "name": "FedRAMP_Moderate_R4_AC-1", @@ -4302,19 +4302,6 @@ "FedRAMP_Moderate_R4_SI-16" ] }, - { - "policyDefinitionReferenceId": "AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_CM-7", - "FedRAMP_Moderate_R4_CM-7(2)", - "FedRAMP_Moderate_R4_CM-7(5)", - "FedRAMP_Moderate_R4_CM-10", - "FedRAMP_Moderate_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0", 
@@ -4389,16 +4376,6 @@ "FedRAMP_Moderate_R4_IR-5" ] }, - { - "policyDefinitionReferenceId": "VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_RA-5", - "FedRAMP_Moderate_R4_SI-2" - ] - }, { "policyDefinitionReferenceId": "DDoSProtectionStandardShouldBeEnabled", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd", @@ -4479,19 +4456,6 @@ "FedRAMP_Moderate_R4_CM-6" ] }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_CM-7", - "FedRAMP_Moderate_R4_CM-7(2)", - "FedRAMP_Moderate_R4_CM-7(5)", - "FedRAMP_Moderate_R4_CM-10", - "FedRAMP_Moderate_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "48af4db5-9b8b-401c-8e74-076be876a430", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", @@ -4863,15 +4827,6 @@ "FedRAMP_Moderate_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_RA-5" - ] - }, { "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af", 
@@ -4943,16 +4898,6 @@ "FedRAMP_Moderate_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_AU-12", - "FedRAMP_Moderate_R4_SI-4" - ] - }, { "policyDefinitionReferenceId": "0049a6b3-a662-4f3e-8635-39cf44ace45a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a", @@ -5359,6 +5304,7 @@ } ], "versions": [ + "17.11.0", "17.10.0", "17.9.0", "17.8.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/IRS1075_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/IRS1075_audit.json index 8e460d14f..b773a22c5 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/IRS1075_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/IRS1075_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of IRS1075 September 2016 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/irs1075-init.", "metadata": { - "version": "8.3.0", + "version": "8.4.0", "category": "Regulatory Compliance" }, - "version": "8.3.0", + "version": "8.4.0", "policyDefinitionGroups": [ { "name": "IRS_1075_9.3.1.1", 
@@ -1121,17 +1121,6 @@ "IRS_1075_9.3.17.2" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "IRS_1075_9.3.5.7", - "IRS_1075_9.3.5.11", - "IRS_1075_9.3.16.5" - ] - }, { "policyDefinitionReferenceId": "PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", @@ -1338,6 +1327,7 @@ } ], "versions": [ + "8.4.0", "8.3.0", "8.2.0", "8.1.0" diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/ISO27001_2013_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/ISO27001_2013_audit.json index 960efd4c2..fa3779e9a 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/ISO27001_2013_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/ISO27001_2013_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The International Organization for Standardization (ISO) 27001 standard provides requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS). These policies address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/iso27001-init", "metadata": { - "version": "7.4.0", + "version": "7.5.0", "category": "Regulatory Compliance" }, - "version": "7.4.0", + "version": "7.5.0", "policyDefinitionGroups": [ { "name": "ISO27001-2013_A.5.1.1", 
@@ -5885,16 +5885,6 @@ "ISO27001-2013_A.12.6.2" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "ISO27001-2013_A.12.5.1", - "ISO27001-2013_A.12.6.2" - ] - }, { "policyDefinitionReferenceId": "f78fc35e-1268-0bca-a798-afcba9d2330a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f78fc35e-1268-0bca-a798-afcba9d2330a", @@ -6768,6 +6758,7 @@ } ], "versions": [ + "7.5.0", "7.4.0", "7.3.0", "7.2.0" diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-171_R2.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-171_R2.json index 84e75d283..e3a034f68 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-171_R2.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-171_R2.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The US National Institute of Standards and Technology (NIST) promotes and maintains measurement standards and guidelines to help protect the information and information systems of federal agencies. In response to Executive Order 13556 on managing controlled unclassified information (CUI), it published NIST SP 800-171. These policies address a subset of NIST SP 800-171 Rev. 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-nist-800-171", "metadata": { - "version": "15.10.0", + "version": "15.11.0", "category": "Regulatory Compliance" }, - "version": "15.10.0", + "version": "15.11.0", "policyDefinitionGroups": [ { "name": "NIST_SP_800-171_R2_3.1.1", 
@@ -3197,18 +3197,6 @@ "NIST_SP_800-171_R2_3.14.7" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.3.1", - "NIST_SP_800-171_R2_3.3.2", - "NIST_SP_800-171_R2_3.14.6", - "NIST_SP_800-171_R2_3.14.7" - ] - }, { "policyDefinitionReferenceId": "c3d20c29-b36d-48fe-808b-99a87530ad99", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3d20c29-b36d-48fe-808b-99a87530ad99", @@ -3697,30 +3685,6 @@ "NIST_SP_800-171_R2_3.4.2" ] }, - { - "policyDefinitionReferenceId": "adaptiveApplicationControlsMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.4.6", - "NIST_SP_800-171_R2_3.4.7", - "NIST_SP_800-171_R2_3.4.8", - "NIST_SP_800-171_R2_3.4.9" - ] - }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.4.6", - "NIST_SP_800-171_R2_3.4.7", - "NIST_SP_800-171_R2_3.4.8", - "NIST_SP_800-171_R2_3.4.9" - ] - }, { "policyDefinitionReferenceId": "previewAuditLinuxVmEtcPasswdFilePermissionsAreSetTo0644", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861", 
@@ -3883,17 +3847,6 @@ "NIST_SP_800-171_R2_3.8.9" ] }, - { - "policyDefinitionReferenceId": "vmssOsVulnerabilitiesMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.11.2", - "NIST_SP_800-171_R2_3.11.3", - "NIST_SP_800-171_R2_3.14.1" - ] - }, { "policyDefinitionReferenceId": "systemConfigurationsMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", @@ -3926,16 +3879,6 @@ "NIST_SP_800-171_R2_3.11.3" ] }, - { - "policyDefinitionReferenceId": "containerBenchmarkMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.11.2", - "NIST_SP_800-171_R2_3.11.3" - ] - }, { "policyDefinitionReferenceId": "6ba6d016-e7c3-4842-b8f2-4992ebc0d72d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d", @@ -4844,6 +4787,7 @@ } ], "versions": [ + "15.11.0", "15.10.0", "15.9.0", "15.8.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R4.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R4.json index 8dc6d7354..d99cb89c6 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R4.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R4.json 
@@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "National Institute of Standards and Technology (NIST) SP 800-53 R4 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk.These policies address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r4-initiative", "metadata": { - "version": "18.10.0", + "version": "18.11.0", "category": "Regulatory Compliance" }, - "version": "18.10.0", + "version": "18.11.0", "policyDefinitionGroups": [ { "name": "NIST_SP_800-53_R4_AC-1", @@ -6361,19 +6361,6 @@ "NIST_SP_800-53_R4_SI-16" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_CM-7", - "NIST_SP_800-53_R4_CM-7(2)", - "NIST_SP_800-53_R4_CM-7(5)", - "NIST_SP_800-53_R4_CM-10", - "NIST_SP_800-53_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0", @@ -6450,16 +6437,6 @@ "NIST_SP_800-53_R4_SI-4(12)" ] }, - { - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_RA-5", - "NIST_SP_800-53_R4_SI-2" - ] - }, { "policyDefinitionReferenceId": "PreviewAuditStandardTierOfDDoSProtectionIsEnabledForAVirtualNetwork", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd", 
@@ -6542,19 +6519,6 @@ "NIST_SP_800-53_R4_CM-6" ] }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_CM-7", - "NIST_SP_800-53_R4_CM-7(2)", - "NIST_SP_800-53_R4_CM-7(5)", - "NIST_SP_800-53_R4_CM-10", - "NIST_SP_800-53_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "48af4db5-9b8b-401c-8e74-076be876a430", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", @@ -6945,15 +6909,6 @@ "NIST_SP_800-53_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_RA-5" - ] - }, { "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af", @@ -7028,19 +6983,6 @@ "NIST_SP_800-53_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_AU-6(4)", - "NIST_SP_800-53_R4_AU-6(5)", - "NIST_SP_800-53_R4_AU-12", - "NIST_SP_800-53_R4_AU-12(1)", - "NIST_SP_800-53_R4_SI-4" - ] - }, { "policyDefinitionReferenceId": "0049a6b3-a662-4f3e-8635-39cf44ace45a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a", @@ -14014,6 +13956,7 @@ } ], "versions": [ + "18.11.0", "18.10.0", "18.9.0", "18.8.0", 
diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R5.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R5.json index 811ea217a..d13378ff6 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R5.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R5.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk. These policies address a subset of NIST SP 800-53 R5 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r5-initiative", "metadata": { - "version": "14.10.0", + "version": "14.11.0", "category": "Regulatory Compliance" }, - "version": "14.10.0", + "version": "14.11.0", "policyDefinitionGroups": [ { "name": "NIST_SP_800-53_R5_AC-1", @@ -6856,19 +6856,6 @@ "NIST_SP_800-53_R5_SI-16" ] }, - { - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_CM-7", - "NIST_SP_800-53_R5_CM-7(2)", - "NIST_SP_800-53_R5_CM-7(5)", - "NIST_SP_800-53_R5_CM-10", - "NIST_SP_800-53_R5_CM-11" - ] - }, { "policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0", 
@@ -6945,16 +6932,6 @@ "NIST_SP_800-53_R5_SI-4(12)" ] }, - { - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_RA-5", - "NIST_SP_800-53_R5_SI-2" - ] - }, { "policyDefinitionReferenceId": "a7aca53f-2ed4-4466-a25e-0b45ade68efd", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd", @@ -7037,19 +7014,6 @@ "NIST_SP_800-53_R5_CM-6" ] }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_CM-7", - "NIST_SP_800-53_R5_CM-7(2)", - "NIST_SP_800-53_R5_CM-7(5)", - "NIST_SP_800-53_R5_CM-10", - "NIST_SP_800-53_R5_CM-11" - ] - }, { "policyDefinitionReferenceId": "48af4db5-9b8b-401c-8e74-076be876a430", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", @@ -7440,15 +7404,6 @@ "NIST_SP_800-53_R5_SI-4" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_RA-5" - ] - }, { "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af", 
@@ -7523,19 +7478,6 @@ "NIST_SP_800-53_R5_SI-4" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_AU-6(4)", - "NIST_SP_800-53_R5_AU-6(5)", - "NIST_SP_800-53_R5_AU-12", - "NIST_SP_800-53_R5_AU-12(1)", - "NIST_SP_800-53_R5_SI-4" - ] - }, { "policyDefinitionReferenceId": "0049a6b3-a662-4f3e-8635-39cf44ace45a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a", @@ -14338,6 +14280,7 @@ } ], "versions": [ + "14.11.0", "14.10.0", "14.9.0", "14.8.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/SOC_2.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/SOC_2.json index affdd69b0..52396467d 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/SOC_2.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/SOC_2.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "A System and Organization Controls (SOC) 2 is a report based on the Trust Service Principles and Criteria established by the American Institute of Certified Public Accountants (AICPA). The Report evaluates an organization's information system relevant to the following principles: security, availability, processing integrity, confidentiality and privacy. These policies address a subset of SOC 2 Type 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-soc-2", "metadata": { - "version": "1.5.0", + "version": "1.6.0", "category": "Regulatory Compliance" }, - "version": "1.5.0", + "version": "1.6.0", "policyDefinitionGroups": [ { "name": "SOC_2_A1.1", 
@@ -2277,9 +2277,10 @@ "type": "String", "metadata": { "displayName": "Effect for policy: Adaptive application controls for defining safe applications should be enabled on your machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true }, - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" @@ -2289,9 +2290,10 @@ "type": "String", "metadata": { "displayName": "Effect for policy: Allowlist rules in your adaptive application control policy should be updated", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true }, - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" 
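Review bot: The two effect parameters marked `"deprecated": true` in these hunks keep the generic description `For more information about effects, visit https://aka.ms/policyeffects` and still list `AuditIfNotExists` in `allowedValues`, so nothing tells an operator that the value is no longer consumed. The later hunk in this file (`@@ -5306,34 +5308,6 @@`) removes the `47a6b606-…` and `123a3936-…` references that read `effect-47a6b606-…` and `effect-123a3936-…`. Assuming these are those parameters (their names sit above the hunks, which start inside the parameter objects), an existing assignment that pins `AuditIfNotExists` will still validate while the adaptive application control checks no longer run. I would say so in the metadata, for example `"description": "Deprecated: no policy in this initiative reads this parameter any more; the value has no effect."`. The same applies to the `deprecated` parameter hunks in asb_v2.json, CISv1_3_0.json, CISv1_4_0.json and CISv2_0_0.json.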
@@ -5306,34 +5308,6 @@ "SOC_2_CC8.1" ] }, - { - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-47a6b606-51aa-4496-8bb7-64b11cf66adc')]" - } - }, - "groupNames": [ - "SOC_2_CC6.8", - "SOC_2_CC7.1" - ] - }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-123a3936-f020-408a-ba0c-47873faf1534')]" - } - }, - "groupNames": [ - "SOC_2_CC6.8", - "SOC_2_CC7.1" - ] - }, { "policyDefinitionReferenceId": "3d399cf3-8fc6-0efc-6ab0-1412f1198517", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3d399cf3-8fc6-0efc-6ab0-1412f1198517", @@ -6179,6 +6153,7 @@ } ], "versions": [ + "1.6.0", "1.5.0", "1.4.0", "1.3.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_audit.json index 049c42421..144168d6e 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_audit.json 
@@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative has been deprecated. The Azure Security Benchmark initiative now represents the Azure Security Benchmark v2 controls, and serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center.", "metadata": { - "version": "14.4.0-deprecated", + "version": "14.5.0-deprecated", "deprecated": true, "category": "Regulatory Compliance" }, - "version": "14.4.0", + "version": "14.5.0", "policyDefinitionGroups": [ { "name": "Azure_Security_Benchmark_v1.0_1.1", @@ -869,17 +869,6 @@ "Azure_Security_Benchmark_v1.0_6.9" ] }, - { - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "Azure_Security_Benchmark_v1.0_5.5", - "Azure_Security_Benchmark_v1.0_7.4", - "Azure_Security_Benchmark_v1.0_7.10" - ] - }, { "policyDefinitionReferenceId": "404c3081-a854-4457-ae30-26a93ef643f9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9", 
@@ -908,26 +897,6 @@ "Azure_Security_Benchmark_v1.0_2.3" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "Azure_Security_Benchmark_v1.0_2.2", - "Azure_Security_Benchmark_v1.0_2.4" - ] - }, - { - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "Azure_Security_Benchmark_v1.0_6.8", - "Azure_Security_Benchmark_v1.0_6.10" - ] - }, { "policyDefinitionReferenceId": "48af4db5-9b8b-401c-8e74-076be876a430", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", @@ -1497,17 +1466,6 @@ "Azure_Security_Benchmark_v1.0_4.4" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "Azure_Security_Benchmark_v1.0_5.5", - "Azure_Security_Benchmark_v1.0_7.4", - "Azure_Security_Benchmark_v1.0_7.10" - ] - }, { "policyDefinitionReferenceId": "ea4d6841-2173-4317-9747-ff522a45120f", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f", @@ -1707,6 +1665,7 @@ } ], "versions": [ + "14.5.0", "14.4.0", "14.3.0", "14.2.0" diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_v2.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_v2.json index 2341f786a..f393508f8 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_v2.json 
+++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_v2.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative has been deprecated. The Azure Security Benchmark v2 policy set is now represented in the consolidated Azure Security Benchmark initiative, which also serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center", "metadata": { - "version": "10.7.0-deprecated", + "version": "10.8.0-deprecated", "deprecated": true, "category": "Regulatory Compliance" }, - "version": "10.7.0", + "version": "10.8.0", "policyDefinitionGroups": [ { "name": "Azure_Security_Benchmark_v2.0_NS-1", @@ -1398,14 +1398,15 @@ }, "effect-47a6b606-51aa-4496-8bb7-64b11cf66adc": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive application controls for defining safe applications should be enabled on your machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d": { @@ -1754,14 +1755,15 @@ }, "effect-475aae12-b88a-4572-8b36-9b712b2b3a17": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Automatic provisioning of the Log Analytics monitoring agent should be enabled on your subscription", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-d62cfe2b-3ab0-4d41-980d-76803b58ca65": { 
@@ -1939,26 +1941,28 @@ }, "effect-e8cbc669-f12d-49eb-93e7-9273119e9933": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in container security configurations should be remediated", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9": { @@ -3232,19 +3236,6 @@ "Azure_Security_Benchmark_v2.0_AM-3" ] }, - { - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-47a6b606-51aa-4496-8bb7-64b11cf66adc')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v2.0_AM-6" - ] - }, { "policyDefinitionReferenceId": "4da35fc9-c9e7-4960-aec9-797fe7d9051d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d", 
@@ -3522,19 +3513,6 @@ "Azure_Security_Benchmark_v2.0_LT-4" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-475aae12-b88a-4572-8b36-9b712b2b3a17')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v2.0_LT-5" - ] - }, { "policyDefinitionReferenceId": "4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", @@ -3661,32 +3639,6 @@ "Azure_Security_Benchmark_v2.0_PV-4" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-e8cbc669-f12d-49eb-93e7-9273119e9933')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v2.0_PV-4" - ] - }, - { - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v2.0_PV-4" - ] - }, { "policyDefinitionReferenceId": "ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9", @@ -3863,6 +3815,7 @@ } ], "versions": [ + "10.8.0", "10.7.0", "10.6.0", "10.5.0", 
diff --git a/built-in-policies/policySetDefinitions/Azure Government/Security Center/AzureSecurityCenter.json b/built-in-policies/policySetDefinitions/Azure Government/Security Center/AzureSecurityCenter.json index 3b73d55d5..484aa0c4d 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Security Center/AzureSecurityCenter.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Security Center/AzureSecurityCenter.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Microsoft cloud security benchmark initiative represents the policies and controls implementing security recommendations defined in Microsoft cloud security benchmark, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud.", "metadata": { - "version": "47.26.0", + "version": "47.27.0", "category": "Security Center" }, - "version": "47.26.0", + "version": "47.27.0", "policyDefinitionGroups": [ { "name": "Azure_Security_Benchmark_v3.0_NS-1", @@ -504,14 +504,15 @@ }, "vmssOsVulnerabilitiesMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Vulnerabilities in security configuration on your virtual machine scale sets should be remediated", - "description": "Enable or disable virtual machine scale sets OS vulnerabilities monitoring" + "description": "Enable or disable virtual machine scale sets OS vulnerabilities monitoring", + "deprecated": true } }, "systemUpdatesMonitoringEffect": { 
@@ -690,26 +691,28 @@ }, "adaptiveApplicationControlsMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Adaptive application controls for defining safe applications should be enabled on your machines", - "description": "Enable or disable application controls to define the list of known-safe applications running on your machines, and alert you when other applications run" + "description": "Enable or disable application controls to define the list of known-safe applications running on your machines, and alert you when other applications run", + "deprecated": true } }, "adaptiveApplicationControlsUpdateMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Allowlist rules in your adaptive application control policy should be updated", - "description": "Enable or disable the monitoring for changes in behavior on groups of machines configured for auditing by Microsoft Defender for Cloud's adaptive application controls" + "description": "Enable or disable the monitoring for changes in behavior on groups of machines configured for auditing by Microsoft Defender for Cloud's adaptive application controls", + "deprecated": true } }, "sqlAuditingMonitoringEffect": { @@ -2058,14 +2061,15 @@ }, "containerBenchmarkMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Vulnerabilities in container security configurations should be remediated", - "description": "Enable or disable container benchmark monitoring" + "description": "Enable or disable container benchmark monitoring", + "deprecated": true } }, "AzureFirewallEffect": { 
@@ -2769,14 +2773,15 @@ }, "autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Auto provisioning of the Log Analytics agent should be enabled on your subscription", - "description": "To monitor for security vulnerabilities and threats, Microsoft Defender for Cloud collects data from your Azure virtual machines. Data is collected by the Log Analytics agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads various security-related configurations and event logs from the machine and copies the data to your Log Analytics workspace for analysis. We recommend enabling auto provisioning to automatically deploy the agent to all supported Azure VMs and any new ones that are created." + "description": "To monitor for security vulnerabilities and threats, Microsoft Defender for Cloud collects data from your Azure virtual machines. Data is collected by the Log Analytics agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads various security-related configurations and event logs from the machine and copies the data to your Log Analytics workspace for analysis. We recommend enabling auto provisioning to automatically deploy the agent to all supported Azure VMs and any new ones that are created.", + "deprecated": true } }, "emailNotificationForHighSeverityAlertsShouldBeEnabledMonitoringEffect": { 
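Review bot: The `description` kept for `autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect` still ends with "We recommend enabling auto provisioning to automatically deploy the agent…", while this hunk flips the default to `Disabled` and marks the parameter deprecated. The text therefore recommends a check that the initiative stops evaluating once `@@ -6256,19 +6208,6 @@` removes the `475aae12-…` reference. Because the file describes itself as the Defender for Cloud default initiative, a reader is likely to take that recommendation at face value. I would replace it with a deprecation statement such as `"description": "Deprecated: the Log Analytics agent auto-provisioning check was removed from this initiative; this parameter has no effect."`. The `Enable or disable …` descriptions in the earlier `vmssOsVulnerabilitiesMonitoringEffect`, `adaptiveApplicationControlsMonitoringEffect`, `adaptiveApplicationControlsUpdateMonitoringEffect` and `containerBenchmarkMonitoringEffect` hunks promise a toggle that likewise no longer does anything.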
@@ -4790,19 +4795,6 @@ "Azure_Security_Benchmark_v3.0_PV-4" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "vmssOsVulnerabilitiesMonitoring", - "parameters": { - "effect": { - "value": "[parameters('vmssOsVulnerabilitiesMonitoringEffect')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v3.0_PV-6" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe", "definitionVersion": "3.*.*", @@ -5212,32 +5204,6 @@ "Azure_Security_Benchmark_v3.0_PA-2" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "adaptiveApplicationControlsMonitoring", - "parameters": { - "effect": { - "value": "[parameters('adaptiveApplicationControlsMonitoringEffect')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v3.0_AM-5" - ] - }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "adaptiveApplicationControlsUpdateMonitoring", - "parameters": { - "effect": { - "value": "[parameters('adaptiveApplicationControlsUpdateMonitoringEffect')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v3.0_AM-5" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517", "definitionVersion": "3.*.*", 
@@ -5594,20 +5560,6 @@ "Azure_Security_Benchmark_v3.0_NS-3" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "containerBenchmarkMonitoring", - "parameters": { - "effect": { - "value": "[parameters('containerBenchmarkMonitoringEffect')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v3.0_PV-6", - "Azure_Security_Benchmark_v3.0_DS-6" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9", "definitionVersion": "1.*.*", @@ -6256,19 +6208,6 @@ "Azure_Security_Benchmark_v3.0_IR-2" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect", - "parameters": { - "effect": { - "value": "[parameters('autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v3.0_LT-5" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899", "definitionVersion": "1.*.*", @@ -7157,6 +7096,7 @@ } ], "versions": [ + "47.27.0", "47.26.0", "47.25.0", "47.24.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_1_0.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_1_0.json index f6772d520..53f486644 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_1_0.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_1_0.json 
@@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.1.0 controls. For more information, visit https://aka.ms/cisazure110-initiative", "metadata": { - "version": "16.6.0", + "version": "16.7.0", "category": "Regulatory Compliance" }, - "version": "16.6.0", + "version": "16.7.0", "policyDefinitionGroups": [ { "name": "CIS_Azure_1.1.0_1.1", @@ -616,15 +616,6 @@ "CIS_Azure_1.1.0_2.1" ] }, - { - "policyDefinitionReferenceId": "CISv110x2x2", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "CIS_Azure_1.1.0_2.2" - ] - }, { "policyDefinitionReferenceId": "CISv110x2x3CISv110x7x5", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -644,15 +635,6 @@ "CIS_Azure_1.1.0_2.4" ] }, - { - "policyDefinitionReferenceId": "CISv110x2x7", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "CIS_Azure_1.1.0_2.7" - ] - }, { "policyDefinitionReferenceId": "CISv110x2x9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517", 
@@ -689,15 +671,6 @@ "CIS_Azure_1.1.0_2.12" ] }, - { - "policyDefinitionReferenceId": "CISv110x2x13", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "CIS_Azure_1.1.0_2.13" - ] - }, { "policyDefinitionReferenceId": "CISv110x2x14CISv110x4x1", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9", @@ -2285,6 +2258,7 @@ } ], "versions": [ + "16.7.0", "16.6.0", "16.5.0", "16.4.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json index c6ddb10ab..eaa0dd256 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.3.0 controls. For more information, visit https://aka.ms/cisazure130-initiative", "metadata": { - "version": "8.8.0", + "version": "8.9.0", "category": "Regulatory Compliance" }, - "version": "8.8.0", + "version": "8.9.0", "policyDefinitionGroups": [ { "name": "CIS_Azure_1.3.0_1.1", 
@@ -743,14 +743,15 @@ }, "effect-475aae12-b88a-4572-8b36-9b712b2b3a17": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Auto provisioning of the Log Analytics agent should be enabled on your subscription", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7": { @@ -2123,19 +2124,6 @@ "CIS_Azure_1.3.0_2.8" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-475aae12-b88a-4572-8b36-9b712b2b3a17')]" - } - }, - "groupNames": [ - "CIS_Azure_1.3.0_2.11" - ] - }, { "policyDefinitionReferenceId": "4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", @@ -4265,6 +4253,7 @@ } ], "versions": [ + "8.9.0", "8.8.0", "8.7.0", "8.6.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_4_0.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_4_0.json index 98d7ea96d..bb3aa3916 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_4_0.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_4_0.json 
@@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.4.0 controls. For more information, visit https://aka.ms/cisazure140-initiative", "metadata": { - "version": "1.9.0", + "version": "1.10.0", "category": "Regulatory Compliance" }, - "version": "1.9.0", + "version": "1.10.0", "policyDefinitionGroups": [ { "name": "CIS_Azure_1.4.0_1.1", @@ -720,14 +720,15 @@ }, "effect-475aae12-b88a-4572-8b36-9b712b2b3a17": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Auto provisioning of the Log Analytics agent should be enabled on your subscription", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7": { @@ -2485,19 +2486,6 @@ "CIS_Azure_1.4.0_7.6" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-475aae12-b88a-4572-8b36-9b712b2b3a17')]" - } - }, - "groupNames": [ - "CIS_Azure_1.4.0_2.11" - ] - }, { "policyDefinitionReferenceId": "b53aa659-513e-032c-52e6-1ce0ba46582f", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b53aa659-513e-032c-52e6-1ce0ba46582f", 
@@ -4030,6 +4018,7 @@ } ], "versions": [ + "1.10.0", "1.9.0", "1.8.0", "1.7.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv2_0_0.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv2_0_0.json index f6ff46a86..db8af6620 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv2_0_0.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv2_0_0.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v2.0.0 controls. For more information, visit https://aka.ms/cisazure200-initiative", "metadata": { - "version": "1.3.0", + "version": "1.4.0", "category": "Regulatory Compliance" }, - "version": "1.3.0", + "version": "1.4.0", "policyDefinitionGroups": [ { "name": "CIS_Azure_2.0.0_1.1.1", @@ -846,14 +846,15 @@ }, "effect-475aae12-b88a-4572-8b36-9b712b2b3a17": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Auto provisioning of the Log Analytics agent should be enabled on your subscription", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7": { 
@@ -3044,19 +3045,6 @@ "CIS_Azure_2.0.0_7.6" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-475aae12-b88a-4572-8b36-9b712b2b3a17')]" - } - }, - "groupNames": [ - "CIS_Azure_2.0.0_2.1.15" - ] - }, { "policyDefinitionReferenceId": "4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", @@ -4955,6 +4943,7 @@ } ], "versions": [ + "1.4.0", "1.3.0", "1.2.0", "1.1.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_2_0_L2.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_2_0_L2.json index 09c1ba06a..f3aa9b8b6 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_2_0_L2.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_2_0_L2.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of CMMC 2.0 Level 2 practices. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc2l2-initiative.", "metadata": { - "version": "2.13.0-preview", + "version": "2.14.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "2.13.0-preview", + "version": "2.14.0-preview", "policyDefinitionGroups": [ { "name": "CMMC_2.0_L2_AC.L1-3.1.1", 
@@ -2896,16 +2896,6 @@ "CMMC_2.0_L2_SI.L2-3.14.6" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_RA.L2-3.11.3", - "CMMC_2.0_L2_RA.L2-3.11.2" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a", "definitionVersion": "1.*.*", @@ -3603,18 +3593,6 @@ "CMMC_2.0_L2_SI.L2-3.14.7" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_AU.L2-3.3.2", - "CMMC_2.0_L2_SI.L2-3.14.7", - "CMMC_2.0_L2_AU.L2-3.3.1", - "CMMC_2.0_L2_SI.L2-3.14.6" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be", "definitionVersion": "1.*.*", @@ -4304,17 +4282,6 @@ "CMMC_2.0_L2_RA.L2-3.11.3" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_RA.L2-3.11.3", - "CMMC_2.0_L2_RA.L2-3.11.2", - "CMMC_2.0_L2_SI.L1-3.14.1" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3", "definitionVersion": "3.*.*", 
@@ -4345,19 +4312,6 @@ "CMMC_2.0_L2_SC.L2-3.13.6" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_SC.L1-3.13.1", - "CMMC_2.0_L2_SC.L2-3.13.2", - "CMMC_2.0_L2_AC.L2-3.1.3", - "CMMC_2.0_L2_SC.L1-3.13.5", - "CMMC_2.0_L2_SC.L2-3.13.6" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae", "definitionVersion": "1.*.*", @@ -4830,18 +4784,6 @@ "CMMC_2.0_L2_CM.L2-3.4.1" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_CM.L2-3.4.6", - "CMMC_2.0_L2_CM.L2-3.4.9", - "CMMC_2.0_L2_CM.L2-3.4.7", - "CMMC_2.0_L2_CM.L2-3.4.8" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74", "definitionVersion": "2.*.*", @@ -5282,18 +5224,6 @@ "CMMC_2.0_L2_CM.L2-3.4.2" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_CM.L2-3.4.7", - "CMMC_2.0_L2_CM.L2-3.4.9", - "CMMC_2.0_L2_CM.L2-3.4.6", - "CMMC_2.0_L2_CM.L2-3.4.8" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661", "definitionVersion": "2.*.*", @@ -5685,6 +5615,7 @@ } ], "versions": [ + "2.14.0-PREVIEW", "2.13.0-PREVIEW", "2.12.0-PREVIEW", "2.11.0-PREVIEW", 
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_L3.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_L3.json index 657631cfd..d438236ea 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_L3.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_L3.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of Cybersecurity Maturity Model Certification (CMMC) Level 3 requirements. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc-initiative.", "metadata": { - "version": "11.8.0", + "version": "11.9.0", "category": "Regulatory Compliance" }, - "version": "11.8.0", + "version": "11.9.0", "policyDefinitionGroups": [ { "name": "CMMC_L3_AC.1.001", @@ -575,14 +575,15 @@ }, "effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive network hardening recommendations should be applied on internet facing virtual machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b": { 
@@ -819,14 +820,15 @@ }, "effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-404c3081-a854-4457-ae30-26a93ef643f9": { @@ -844,14 +846,15 @@ }, "effect-47a6b606-51aa-4496-8bb7-64b11cf66adc": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive application controls for defining safe applications should be enabled on your machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-496223c3-ad65-4ecd-878a-bae78737e9ed": { @@ -1605,14 +1608,15 @@ }, "effect-e8cbc669-f12d-49eb-93e7-9273119e9933": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in container security configurations should be remediated", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e": { 
@@ -3504,14 +3508,15 @@ }, "effect-123a3936-f020-408a-ba0c-47873faf1534": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Allowlist rules in your adaptive application control policy should be updated", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd": { @@ -3617,24 +3622,6 @@ "CMMC_L3_AU.3.048" ] }, - { - "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6')]" - } - }, - "groupNames": [ - "CMMC_L3_AC.1.003", - "CMMC_L3_AC.2.016", - "CMMC_L3_CM.3.068", - "CMMC_L3_SC.1.175", - "CMMC_L3_SC.1.176", - "CMMC_L3_SC.3.183" - ] - }, { "policyDefinitionReferenceId": "09024ccc-0c5f-475e-9457-b7c0d9ed487b", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b", @@ -3866,20 +3853,6 @@ "CMMC_L3_SC.3.191" ] }, - { - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4')]" - } - }, - "groupNames": [ - "CMMC_L3_RM.2.143", - "CMMC_L3_SI.1.210" - ] - }, { "policyDefinitionReferenceId": "404c3081-a854-4457-ae30-26a93ef643f9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9", 
@@ -3895,24 +3868,6 @@ "CMMC_L3_SC.3.185" ] }, - { - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-47a6b606-51aa-4496-8bb7-64b11cf66adc')]" - } - }, - "groupNames": [ - "CMMC_L3_CA.2.158", - "CMMC_L3_CA.3.161", - "CMMC_L3_CM.2.061", - "CMMC_L3_CM.2.063", - "CMMC_L3_CM.3.068", - "CMMC_L3_CM.3.069" - ] - }, { "policyDefinitionReferenceId": "4f11b553-d42e-4e3a-89be-32ca364cad4c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c", @@ -4383,19 +4338,6 @@ "CMMC_L3_SC.3.190" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-e8cbc669-f12d-49eb-93e7-9273119e9933')]" - } - }, - "groupNames": [ - "CMMC_L3_RM.2.143" - ] - }, { "policyDefinitionReferenceId": "0cfea604-3201-4e14-88fc-fae4c427a6c5", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", 
@@ -6182,22 +6124,6 @@ "CMMC_L3_SC.3.181" ] }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-123a3936-f020-408a-ba0c-47873faf1534')]" - } - }, - "groupNames": [ - "CMMC_L3_CA.2.158", - "CMMC_L3_CA.3.161", - "CMMC_L3_CM.2.063", - "CMMC_L3_CM.3.068" - ] - }, { "policyDefinitionReferenceId": "fc9b3da7-8347-4380-8e70-0a0361d8dedd", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd", @@ -6238,6 +6164,7 @@ } ], "versions": [ + "11.9.0", "11.8.0", "11.7.0", "11.6.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CanadaFederalPBMM_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CanadaFederalPBMM_audit.json index 0946111e5..af68e4288 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CanadaFederalPBMM_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CanadaFederalPBMM_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of Canada Federal PBMM controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/canadafederalpbmm-init.", "metadata": { - "version": "8.3.0", + "version": "8.4.0", "category": "Regulatory Compliance" }, - "version": "8.3.0", + "version": "8.4.0", "policyDefinitionGroups": [ { "name": "CCCS_AC-1", 
@@ -1747,16 +1747,6 @@ "CCCS_AC-6" ] }, - { - "policyDefinitionReferenceId": "VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "CCCS_RA-5", - "CCCS_SI-2" - ] - }, { "policyDefinitionReferenceId": "RemoteDebuggingShouldBeTurnedOffForFunctionApp", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9", @@ -1935,15 +1925,6 @@ "CCCS_IA-5(1)" ] }, - { - "policyDefinitionReferenceId": "NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "CCCS_SC-7" - ] - }, { "policyDefinitionReferenceId": "SystemUpdatesShouldBeInstalledOnYourMachines", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -1963,16 +1944,6 @@ "CCCS_SI-2" ] }, - { - "policyDefinitionReferenceId": "AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "CCCS_CM-7(5)", - "CCCS_CM-11" - ] - }, { "policyDefinitionReferenceId": "JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", @@ -2171,6 +2142,7 @@ } ], "versions": [ + "8.4.0", "8.3.0", "8.2.0", "8.1.0" 
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/DOD_IL4_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/DOD_IL4_audit.json index ef0dc7021..fb1fcb6e6 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/DOD_IL4_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/DOD_IL4_audit.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of DoD Impact Level 4 (IL4) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/dodil4-initiative.", "metadata": { - "version": "9.3.0-deprecated", + "version": "9.4.0-deprecated", "category": "Regulatory Compliance", "deprecated": true }, - "version": "9.3.0", + "version": "9.4.0", "parameters": { "IncludeArcMachines": { "type": "string", @@ -255,14 +255,15 @@ }, "adaptiveNetworkHardeningsMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Adaptive network hardening recommendations should be applied on internet facing virtual machines", - "description": "Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations" + "description": "Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations", + "deprecated": true } }, "webAppEnforceHttpsMonitoringEffect": { 
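Review bot: The `description` of `adaptiveNetworkHardeningsMonitoringEffect` in the `@@ -255,14 +255,15 @@` hunk still reads "Enable or disable the monitoring of Internet-facing virtual machines ...", but the `@@ -809,16 +798,6 @@` hunk drops the `adaptiveNetworkHardeningsMonitoring` reference that read this parameter, so the value no longer turns any monitoring on. Someone auditing an assignment would reasonably take `AuditIfNotExists` here to mean the NSG-hardening check is active. I would reword it to `"description": "Deprecated: the policy this parameter controlled has been removed from the initiative; the value has no effect."`. The same stale "Enable or disable ..." wording is kept on `adaptiveApplicationControlsMonitoringEffect` and `vmssOsVulnerabilitiesMonitoringEffect` in HIPAA_HITRUST_audit.json.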
@@ -523,12 +524,6 @@ "policyDefinitionReferenceId": "justInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines", "parameters": {} }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines", - "parameters": {} - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "definitionVersion": "3.*.*", @@ -673,12 +668,6 @@ "policyDefinitionReferenceId": "remoteDebuggingShouldBeTurnedOffForFunctionApp", "parameters": {} }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated", - "parameters": {} - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b", "definitionVersion": "3.*.*", @@ -809,16 +798,6 @@ } } }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "adaptiveNetworkHardeningsMonitoring", - "parameters": { - "effect": { - "value": "[parameters('adaptiveNetworkHardeningsMonitoringEffect')]" - } - } - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917", "definitionVersion": "1.*.*", 
@@ -959,12 +938,6 @@ } } }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "vulnerabilitiesSecurityConfigurationsRemediated", - "parameters": {} - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c", "definitionVersion": "4.*.*", @@ -1033,6 +1006,7 @@ } ], "versions": [ + "9.4.0", "9.3.0", "9.2.0" ] diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_H_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_H_audit.json index a49734b96..58dd81aad 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_H_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_H_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "FedRAMP is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based products and services. FedRAMP defines a set of controls for Low, Moderate, or High security impact level systems based on NIST baseline controls. These policies address a subset of FedRAMP (High) controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-fedramp", "metadata": { - "version": "17.14.0", + "version": "17.15.0", "category": "Regulatory Compliance" }, - "version": "17.14.0", + "version": "17.15.0", "policyDefinitionGroups": [ { "name": "FedRAMP_High_R4_AC-1", 
@@ -3270,14 +3270,15 @@ }, "adaptiveNetworkHardeningsMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive network hardening recommendations should be applied on internet facing virtual machines", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "webAppEnforceHttpsMonitoringEffect": { @@ -5287,21 +5288,6 @@ "FedRAMP_High_R4_CM-6" ] }, - { - "policyDefinitionReferenceId": "adaptiveNetworkHardeningsMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('adaptiveNetworkHardeningsMonitoringEffect')]" - } - }, - "groupNames": [ - "FedRAMP_High_R4_AC-4", - "FedRAMP_High_R4_SC-7", - "FedRAMP_High_R4_SC-7(3)" - ] - }, { "policyDefinitionReferenceId": "thereShouldBeMoreThanOneOwnerAssignedToYourSubscription", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b", 
@@ -5401,19 +5387,6 @@ "FedRAMP_High_R4_SI-16" ] }, - { - "policyDefinitionReferenceId": "adaptiveApplicationControlsShouldBeEnabledOnVirtualMachines", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_CM-7", - "FedRAMP_High_R4_CM-7(2)", - "FedRAMP_High_R4_CM-7(5)", - "FedRAMP_High_R4_CM-10", - "FedRAMP_High_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "geoRedundantBackupShouldBeEnabledForAzureDatabaseForMariaDB", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0", @@ -5500,16 +5473,6 @@ "FedRAMP_High_R4_IR-5" ] }, - { - "policyDefinitionReferenceId": "vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_RA-5", - "FedRAMP_High_R4_SI-2" - ] - }, { "policyDefinitionReferenceId": "dDoSProtectionStandardShouldBeEnabled", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd", @@ -5603,19 +5566,6 @@ "FedRAMP_High_R4_CM-6" ] }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_CM-7", - "FedRAMP_High_R4_CM-7(2)", - "FedRAMP_High_R4_CM-7(5)", - "FedRAMP_High_R4_CM-10", - "FedRAMP_High_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQL", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", 
@@ -6117,15 +6067,6 @@ "FedRAMP_High_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_RA-5" - ] - }, { "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af", @@ -6274,19 +6215,6 @@ "FedRAMP_High_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_AU-6(4)", - "FedRAMP_High_R4_AU-6(5)", - "FedRAMP_High_R4_AU-12", - "FedRAMP_High_R4_AU-12(1)", - "FedRAMP_High_R4_SI-4" - ] - }, { "policyDefinitionReferenceId": "0049a6b3-a662-4f3e-8635-39cf44ace45a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a", @@ -11526,6 +11454,7 @@ } ], "versions": [ + "17.15.0", "17.14.0", "17.13.0", "17.12.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_M_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_M_audit.json index 4a3667257..8b84b9a72 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_M_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_M_audit.json 
@@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "FedRAMP is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based products and services. FedRAMP defines a set of controls for Low, Moderate, or High security impact level systems based on NIST baseline controls. These policies address a subset of FedRAMP (Moderate) controls. Additional policies will be added in upcoming releases. For more information, visit https://www.fedramp.gov/documents-templates/", "metadata": { - "version": "17.13.0", + "version": "17.14.0", "category": "Regulatory Compliance" }, - "version": "17.13.0", + "version": "17.14.0", "policyDefinitionGroups": [ { "name": "FedRAMP_Moderate_R4_AC-1", @@ -4593,17 +4593,6 @@ "FedRAMP_Moderate_R4_CM-6" ] }, - { - "policyDefinitionReferenceId": "NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_AC-4", - "FedRAMP_Moderate_R4_SC-7", - "FedRAMP_Moderate_R4_SC-7(3)" - ] - }, { "policyDefinitionReferenceId": "ThereShouldBeMoreThanOneOwnerAssignedToYourSubscription", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b", 
@@ -4692,19 +4681,6 @@ "FedRAMP_Moderate_R4_SI-16" ] }, - { - "policyDefinitionReferenceId": "AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_CM-7", - "FedRAMP_Moderate_R4_CM-7(2)", - "FedRAMP_Moderate_R4_CM-7(5)", - "FedRAMP_Moderate_R4_CM-10", - "FedRAMP_Moderate_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0", @@ -4779,16 +4755,6 @@ "FedRAMP_Moderate_R4_IR-5" ] }, - { - "policyDefinitionReferenceId": "VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_RA-5", - "FedRAMP_Moderate_R4_SI-2" - ] - }, { "policyDefinitionReferenceId": "DDoSProtectionStandardShouldBeEnabled", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd", @@ -4869,19 +4835,6 @@ "FedRAMP_Moderate_R4_CM-6" ] }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_CM-7", - "FedRAMP_Moderate_R4_CM-7(2)", - "FedRAMP_Moderate_R4_CM-7(5)", - "FedRAMP_Moderate_R4_CM-10", - "FedRAMP_Moderate_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "48af4db5-9b8b-401c-8e74-076be876a430", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", 
@@ -5323,15 +5276,6 @@ "FedRAMP_Moderate_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_RA-5" - ] - }, { "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af", @@ -5467,16 +5411,6 @@ "FedRAMP_Moderate_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_AU-12", - "FedRAMP_Moderate_R4_SI-4" - ] - }, { "policyDefinitionReferenceId": "0049a6b3-a662-4f3e-8635-39cf44ace45a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a", @@ -10057,6 +9991,7 @@ } ], "versions": [ + "17.14.0", "17.13.0", "17.12.0", "17.11.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/HIPAA_HITRUST_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/HIPAA_HITRUST_audit.json index be9bf9a41..dad8574fb 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/HIPAA_HITRUST_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/HIPAA_HITRUST_audit.json 
@@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "Health Information Trust Alliance (HITRUST) helps organizations from all sectors-but especially healthcare-effectively manage data, information risk, and compliance. HITRUST certification means that the organization has undergone a thorough assessment of the information security program. These policies address a subset of HITRUST controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/hipaa-hitrust-9-2", "metadata": { - "version": "14.5.0", + "version": "14.6.0", "category": "Regulatory Compliance" }, - "version": "14.5.0", + "version": "14.6.0", "policyDefinitionGroups": [ { "name": "hipaa-0101.00a1Organizational.123-00.a", @@ -2769,14 +2769,15 @@ }, "adaptiveApplicationControlsMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Adaptive Application Controls should be enabled on virtual machines", - "description": "Enable or disable the monitoring of defining safe applications in Azure Security Center" + "description": "Enable or disable the monitoring of defining safe applications in Azure Security Center", + "deprecated": true } }, "NetworkAccessRemotelyAccessibleRegistryPaths": { @@ -2890,14 +2891,15 @@ }, "vmssOsVulnerabilitiesMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Vulnerabilities in security configuration on your virtual machine scale sets should be remediated", - "description": "Enable or disable virtual machine scale sets OS vulnerabilities monitoring" + "description": "Enable or disable virtual machine scale sets OS vulnerabilities monitoring", + "deprecated": true } }, "diagnosticsLogsInEventHubMonitoringEffect": { 
@@ -5077,21 +5079,6 @@ "hipaa-0201.09j1Organizational.124-09.j" ] }, - { - "policyDefinitionReferenceId": "adaptiveApplicationControlsMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('adaptiveApplicationControlsMonitoringEffect')]" - } - }, - "groupNames": [ - "hipaa-0201.09j1Organizational.124-09.j", - "hipaa-0607.10h2System.23-10.h", - "hipaa-1197.01l3Organizational.3-01.l" - ] - }, { "policyDefinitionReferenceId": "microsoftAntimalwareForAzureShouldBeConfiguredToAutomaticallyUpdateProtectionSignatures", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57", @@ -6782,33 +6769,6 @@ "hipaa-0718.10m3Organizational.34-10.m" ] }, - { - "policyDefinitionReferenceId": "containerBenchmarkMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "hipaa-0606.10h2System.1-10.h", - "hipaa-0709.10m1Organizational.1-10.m", - "hipaa-0715.10m2Organizational.8-10.m" - ] - }, - { - "policyDefinitionReferenceId": "vmssOsVulnerabilitiesMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('vmssOsVulnerabilitiesMonitoringEffect')]" - } - }, - "groupNames": [ - "hipaa-0607.10h2System.23-10.h", - "hipaa-0709.10m1Organizational.1-10.m", - "hipaa-0714.10m2Organizational.7-10.m", - "hipaa-0717.10m3Organizational.2-10.m" - ] - }, { "policyDefinitionReferenceId": "5e4e9685-3818-5934-0071-2620c4fa2ca5", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5e4e9685-3818-5934-0071-2620c4fa2ca5", 
@@ -8174,20 +8134,6 @@ "hipaa-1411.09f1System.1-09.f" ] }, - { - "policyDefinitionReferenceId": "adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "hipaa-0809.01n2Organizational.1234-01.n", - "hipaa-0810.01n2Organizational.5-01.n", - "hipaa-0811.01n2Organizational.6-01.n", - "hipaa-0812.01n2Organizational.8-01.n", - "hipaa-0814.01n1Organizational.12-01.n", - "hipaa-0859.09m1Organizational.78-09.m" - ] - }, { "policyDefinitionReferenceId": "diagnosticsLogsInRedisCacheMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb", @@ -10611,16 +10557,6 @@ "hipaa-1219.09ab3System.10-09.ab" ] }, - { - "policyDefinitionReferenceId": "automaticProvisioningOfTheLogAnalyticsMonitoringAgentShouldBeEnabledOnYourSubscription", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "hipaa-1213.09ab2System.128-09.ab", - "hipaa-1220.09ab3System.56-09.ab" - ] - }, { "policyDefinitionReferenceId": "2c6bee3a-2180-2430-440d-db3c7a849870", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2c6bee3a-2180-2430-440d-db3c7a849870", @@ -12028,6 +11964,7 @@ } ], "versions": [ + "14.6.0", "14.5.0", "14.4.0", "14.3.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/IRAP_Audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/IRAP_Audit.json index 94c1157f8..e52860938 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/IRAP_Audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/IRAP_Audit.json 
@@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of Australian Government Information Security Manual (ISM) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/auism-initiative.", "metadata": { - "version": "8.4.0-preview", + "version": "8.5.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "8.4.0-preview", + "version": "8.5.0-preview", "policyDefinitionGroups": [ { "name": "AU_ISM_100", @@ -3241,14 +3241,15 @@ }, "adaptiveNetworkHardeningsMonitoringEffect": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive network hardening recommendations should be applied on internet facing virtual machines", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "identityDesignateMoreThanOneOwnerMonitoringEffect": { 
@@ -3365,14 +3366,15 @@ }, "vmssOsVulnerabilitiesMonitoringEffect": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "secureTransferToStorageAccountMonitoringEffect": { @@ -3390,14 +3392,15 @@ }, "adaptiveApplicationControlsMonitoringEffect": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive application controls for defining safe applications should be enabled on your machines", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "identityDesignateLessThanOwnersMonitoringEffect": { 
@@ -3682,14 +3685,15 @@ }, "containerBenchmarkMonitoringEffect": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in container security configurations should be remediated", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "apiAppDisableRemoteDebuggingMonitoringEffect": { @@ -3844,19 +3848,6 @@ "AU_ISM_1511" ] }, - { - "policyDefinitionReferenceId": "adaptiveNetworkHardeningsMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('adaptiveNetworkHardeningsMonitoringEffect')]" - } - }, - "groupNames": [ - "AU_ISM_1182" - ] - }, { "policyDefinitionReferenceId": "identityDesignateMoreThanOneOwnerMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b", 
@@ -3994,24 +3985,6 @@ "AU_ISM_520" ] }, - { - "policyDefinitionReferenceId": "vmssOsVulnerabilitiesMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('vmssOsVulnerabilitiesMonitoringEffect')]" - } - }, - "groupNames": [ - "AU_ISM_1144", - "AU_ISM_1472", - "AU_ISM_1494", - "AU_ISM_1495", - "AU_ISM_1496", - "AU_ISM_940" - ] - }, { "policyDefinitionReferenceId": "secureTransferToStorageAccountMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9", @@ -4025,19 +3998,6 @@ "AU_ISM_1277" ] }, - { - "policyDefinitionReferenceId": "adaptiveApplicationControlsMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('adaptiveApplicationControlsMonitoringEffect')]" - } - }, - "groupNames": [ - "AU_ISM_1490" - ] - }, { "policyDefinitionReferenceId": "identityDesignateLessThanOwnersMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c", 
@@ -4443,24 +4403,6 @@ "AU_ISM_421" ] }, - { - "policyDefinitionReferenceId": "containerBenchmarkMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('containerBenchmarkMonitoringEffect')]" - } - }, - "groupNames": [ - "AU_ISM_1144", - "AU_ISM_1472", - "AU_ISM_1494", - "AU_ISM_1495", - "AU_ISM_1496", - "AU_ISM_940" - ] - }, { "policyDefinitionReferenceId": "identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", @@ -4592,6 +4534,7 @@ } ], "versions": [ + "8.5.0-PREVIEW", "8.4.0-PREVIEW", "8.3.0-PREVIEW", "8.2.2-PREVIEW", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/IRS1075_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/IRS1075_audit.json index 296ec7663..a20cbbdae 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/IRS1075_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/IRS1075_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of IRS1075 September 2016 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/irs1075-init.", "metadata": { - "version": "8.3.0", + "version": "8.4.0", "category": "Regulatory Compliance" }, - "version": "8.3.0", + "version": "8.4.0", "policyDefinitionGroups": [ { "name": "IRS_1075_9.3.1.1", 
@@ -919,16 +919,6 @@ "IRS_1075_9.3.1.6" ] }, - { - "policyDefinitionReferenceId": "PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "IRS_1075_9.3.14.3", - "IRS_1075_9.3.17.2" - ] - }, { "policyDefinitionReferenceId": "PreviewAuditRemoteDebuggingStateForAFunctionApp", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9", @@ -1121,15 +1111,6 @@ "IRS_1075_9.3.7.5" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "IRS_1075_9.3.16.5" - ] - }, { "policyDefinitionReferenceId": "PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -1149,17 +1130,6 @@ "IRS_1075_9.3.17.2" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "IRS_1075_9.3.5.7", - "IRS_1075_9.3.5.11", - "IRS_1075_9.3.16.5" - ] - }, { "policyDefinitionReferenceId": "PreviewMonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", @@ -1376,6 +1346,7 @@ } ], "versions": [ + "8.4.0", "8.3.0", "8.2.0", "8.1.0" 
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/ISO27001_2013_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/ISO27001_2013_audit.json index 6c0ab4718..8bf9ba9b3 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/ISO27001_2013_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/ISO27001_2013_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The International Organization for Standardization (ISO) 27001 standard provides requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS). These policies address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/iso27001-init", "metadata": { - "version": "8.3.0", + "version": "8.4.0", "category": "Regulatory Compliance" }, - "version": "8.3.0", + "version": "8.4.0", "policyDefinitionGroups": [ { "name": "ISO27001-2013_A.5.1.1", @@ -5885,16 +5885,6 @@ "ISO27001-2013_A.12.6.2" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "ISO27001-2013_A.12.5.1", - "ISO27001-2013_A.12.6.2" - ] - }, { "policyDefinitionReferenceId": "f78fc35e-1268-0bca-a798-afcba9d2330a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f78fc35e-1268-0bca-a798-afcba9d2330a", @@ -6777,6 +6767,7 @@ } ], "versions": [ + "8.4.0", "8.3.0", "8.2.0", "8.1.0" diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/Media_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/Media_audit.json index 7054a5c81..01dff663b 100644 
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/Media_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/Media_audit.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/mpaa-init.", "metadata": { - "version": "4.2.0-preview", + "version": "4.3.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "4.2.0-preview", + "version": "4.3.0-preview", "parameters": { "IncludeArcMachines": { "type": "string", @@ -131,13 +131,14 @@ "type": "string", "metadata": { "displayName": "Vulnerabilities in security configuration on your virtual machine scale sets should be remediated", - "description": "Enable or disable monitoring of virtual machine scale sets OS vulnerabilities " + "description": "Enable or disable monitoring of virtual machine scale sets OS vulnerabilities ", + "deprecated": true }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], - "defaultValue": "AuditIfNotExists" + "defaultValue": "Disabled" }, "systemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies": { "type": "string", @@ -801,16 +802,6 @@ "definitionVersion": "2.*.*", "parameters": {} }, - { - "policyDefinitionReferenceId": "vmssOsVulnerabilitiesMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('vmssOsVulnerabilitiesMonitoringEffect')]" - } - } - }, { "policyDefinitionReferenceId": "AzureBaselineSecurityOptionsSystemsettings", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12017595-5a75-4bb1-9d97-4c2c939ea3c3", 
@@ -1191,6 +1182,7 @@ } ], "versions": [ + "4.3.0-PREVIEW", "4.2.0-PREVIEW", "4.1.0-PREVIEW" ] diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-171_R2.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-171_R2.json index 716d35e9c..e90742684 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-171_R2.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-171_R2.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The US National Institute of Standards and Technology (NIST) promotes and maintains measurement standards and guidelines to help protect the information and information systems of federal agencies. In response to Executive Order 13556 on managing controlled unclassified information (CUI), it published NIST SP 800-171. These policies address a subset of NIST SP 800-171 Rev. 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-nist-800-171", "metadata": { - "version": "15.13.0", + "version": "15.14.0", "category": "Regulatory Compliance" }, - "version": "15.13.0", + "version": "15.14.0", "policyDefinitionGroups": [ { "name": "NIST_SP_800-171_R2_3.1.1", @@ -3121,19 +3121,6 @@ "NIST_SP_800-171_R2_3.4.2" ] }, - { - "policyDefinitionReferenceId": "adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.1.3", - "NIST_SP_800-171_R2_3.13.1", - "NIST_SP_800-171_R2_3.13.2", - "NIST_SP_800-171_R2_3.13.5", - "NIST_SP_800-171_R2_3.13.6" - ] - }, { "policyDefinitionReferenceId": "b0f33259-77d7-4c9e-aac6-3aabcfae693c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", 
@@ -3694,18 +3681,6 @@ "NIST_SP_800-171_R2_3.14.7" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.3.1", - "NIST_SP_800-171_R2_3.3.2", - "NIST_SP_800-171_R2_3.14.6", - "NIST_SP_800-171_R2_3.14.7" - ] - }, { "policyDefinitionReferenceId": "c3d20c29-b36d-48fe-808b-99a87530ad99", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3d20c29-b36d-48fe-808b-99a87530ad99", @@ -4194,30 +4169,6 @@ "NIST_SP_800-171_R2_3.4.2" ] }, - { - "policyDefinitionReferenceId": "adaptiveApplicationControlsMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.4.6", - "NIST_SP_800-171_R2_3.4.7", - "NIST_SP_800-171_R2_3.4.8", - "NIST_SP_800-171_R2_3.4.9" - ] - }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.4.6", - "NIST_SP_800-171_R2_3.4.7", - "NIST_SP_800-171_R2_3.4.8", - "NIST_SP_800-171_R2_3.4.9" - ] - }, { "policyDefinitionReferenceId": "previewAuditLinuxVmPasswdFilePermissions", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861", 
@@ -4422,17 +4373,6 @@ "NIST_SP_800-171_R2_3.8.9" ] }, - { - "policyDefinitionReferenceId": "vmssOsVulnerabilitiesMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.11.2", - "NIST_SP_800-171_R2_3.11.3", - "NIST_SP_800-171_R2_3.14.1" - ] - }, { "policyDefinitionReferenceId": "systemConfigurationsMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", @@ -4476,16 +4416,6 @@ "NIST_SP_800-171_R2_3.14.1" ] }, - { - "policyDefinitionReferenceId": "containerBenchmarkMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.11.2", - "NIST_SP_800-171_R2_3.11.3" - ] - }, { "policyDefinitionReferenceId": "6ba6d016-e7c3-4842-b8f2-4992ebc0d72d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d", @@ -7570,6 +7500,7 @@ } ], "versions": [ + "15.14.0", "15.13.0", "15.12.0", "15.11.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R4.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R4.json index 1058c8cf2..47f2c948e 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R4.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R4.json 
@@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "National Institute of Standards and Technology (NIST) SP 800-53 R4 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk.These policies address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r4-initiative", "metadata": { - "version": "17.13.0", + "version": "17.14.0", "category": "Regulatory Compliance" }, - "version": "17.13.0", + "version": "17.14.0", "policyDefinitionGroups": [ { "name": "NIST_SP_800-53_R4_AC-1", @@ -5998,18 +5998,6 @@ "NIST_SP_800-53_R4_CM-6" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_AC-4", - "NIST_SP_800-53_R4_AC-4(3)", - "NIST_SP_800-53_R4_SC-7", - "NIST_SP_800-53_R4_SC-7(3)" - ] - }, { "policyDefinitionReferenceId": "PreviewMonitorUnprotectedNetworkEndpointsInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6", 
@@ -7504,19 +7492,6 @@ "NIST_SP_800-53_R4_SI-4" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_AU-6(4)", - "NIST_SP_800-53_R4_AU-6(5)", - "NIST_SP_800-53_R4_AU-12", - "NIST_SP_800-53_R4_AU-12(1)", - "NIST_SP_800-53_R4_SI-4" - ] - }, { "policyDefinitionReferenceId": "91a78b24-f231-4a8a-8da9-02c35b2b6510", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/91a78b24-f231-4a8a-8da9-02c35b2b6510", @@ -8653,32 +8628,6 @@ "NIST_SP_800-53_R4_SI-7(1)" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_CM-7", - "NIST_SP_800-53_R4_CM-7(2)", - "NIST_SP_800-53_R4_CM-7(5)", - "NIST_SP_800-53_R4_CM-10", - "NIST_SP_800-53_R4_CM-11" - ] - }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_CM-7", - "NIST_SP_800-53_R4_CM-7(2)", - "NIST_SP_800-53_R4_CM-7(5)", - "NIST_SP_800-53_R4_CM-10", - "NIST_SP_800-53_R4_CM-11" - ] - }, { "policyDefinitionReferenceId": "043c1e56-5a16-52f8-6af8-583098ff3e60", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/043c1e56-5a16-52f8-6af8-583098ff3e60", 
@@ -10738,16 +10687,6 @@ "NIST_SP_800-53_R4_SI-3(7)" ] }, - { - "policyDefinitionReferenceId": "PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_RA-5", - "NIST_SP_800-53_R4_SI-2" - ] - }, { "policyDefinitionReferenceId": "PreviewMonitorOSVulnerabilitiesInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", @@ -10787,15 +10726,6 @@ "NIST_SP_800-53_R4_SI-2" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_RA-5" - ] - }, { "policyDefinitionReferenceId": "6ba6d016-e7c3-4842-b8f2-4992ebc0d72d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d", @@ -12818,6 +12748,7 @@ } ], "versions": [ + "17.14.0", "17.13.0", "17.12.0", "17.11.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R5.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R5.json index 34eaa26e7..a5159cad2 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R5.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R5.json 
@@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk. These policies address a subset of NIST SP 800-53 R5 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r5-initiative", "metadata": { - "version": "14.13.0", + "version": "14.14.0", "category": "Regulatory Compliance" }, - "version": "14.13.0", + "version": "14.14.0", "policyDefinitionGroups": [ { "name": "NIST_SP_800-53_R5_AC-1", @@ -7138,18 +7138,6 @@ "NIST_SP_800-53_R5_CM-6" ] }, - { - "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_AC-4", - "NIST_SP_800-53_R5_AC-4(3)", - "NIST_SP_800-53_R5_SC-7", - "NIST_SP_800-53_R5_SC-7(3)" - ] - }, { "policyDefinitionReferenceId": "09024ccc-0c5f-475e-9457-b7c0d9ed487b", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b", @@ -7250,19 +7238,6 @@ "NIST_SP_800-53_R5_SI-16" ] }, - { - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_CM-7", - "NIST_SP_800-53_R5_CM-7(2)", - "NIST_SP_800-53_R5_CM-7(5)", - "NIST_SP_800-53_R5_CM-10", - "NIST_SP_800-53_R5_CM-11" - ] - }, { "policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0", 
@@ -7339,16 +7314,6 @@ "NIST_SP_800-53_R5_SI-4(12)" ] }, - { - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_RA-5", - "NIST_SP_800-53_R5_SI-2" - ] - }, { "policyDefinitionReferenceId": "a7aca53f-2ed4-4466-a25e-0b45ade68efd", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd", @@ -7431,19 +7396,6 @@ "NIST_SP_800-53_R5_CM-6" ] }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_CM-7", - "NIST_SP_800-53_R5_CM-7(2)", - "NIST_SP_800-53_R5_CM-7(5)", - "NIST_SP_800-53_R5_CM-10", - "NIST_SP_800-53_R5_CM-11" - ] - }, { "policyDefinitionReferenceId": "48af4db5-9b8b-401c-8e74-076be876a430", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", @@ -7913,15 +7865,6 @@ "NIST_SP_800-53_R5_SI-4" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_RA-5" - ] - }, { "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af", 
@@ -8066,19 +8009,6 @@ "NIST_SP_800-53_R5_SI-4" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_AU-6(4)", - "NIST_SP_800-53_R5_AU-6(5)", - "NIST_SP_800-53_R5_AU-12", - "NIST_SP_800-53_R5_AU-12(1)", - "NIST_SP_800-53_R5_SI-4" - ] - }, { "policyDefinitionReferenceId": "0049a6b3-a662-4f3e-8635-39cf44ace45a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a", @@ -13135,6 +13065,7 @@ } ], "versions": [ + "14.14.0", "14.13.0", "14.12.0", "14.11.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NL_BIO_Cloud_Theme.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NL_BIO_Cloud_Theme.json index 26938e57f..3619e7bad 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NL_BIO_Cloud_Theme.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NL_BIO_Cloud_Theme.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address the Dutch Baseline Informatiebeveiliging (BIO) controls specifically for the 'thema-uitwerking Clouddiensten' and include policies covered under the SOC2 and ISO 27001:2013 controls.", "metadata": { - "version": "1.7.0", + "version": "1.8.0", "category": "Regulatory Compliance" }, - "version": "1.7.0", + "version": "1.8.0", "policyDefinitionGroups": [ { "name": "B.01 - Laws and regulations", 
@@ -2900,14 +2900,15 @@ }, "effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2": { @@ -4295,14 +4296,15 @@ }, "effect-475aae12-b88a-4572-8b36-9b712b2b3a17": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Auto provisioning of the Log Analytics agent should be enabled on your subscription", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-83a214f7-d01a-484b-91a9-ed54470c9a6a": { 
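Review bot: The `description` of `effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4` and `effect-475aae12-b88a-4572-8b36-9b712b2b3a17` still says the effect determines what happens when the policy rule matches, yet the same commit removes the only visible `policyDefinitions` entries that read these parameters, so an assignment that keeps `AuditIfNotExists` is still accepted and audits nothing. I would say so in the text, for example `"description": "Deprecated: the policy this parameter controlled has been removed from the initiative; the value is accepted for assignment compatibility and has no effect."`. The same applies to the deprecated parameters in the SOC_2.json hunks (`effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6`, `effect-47a6b606-51aa-4496-8bb7-64b11cf66adc`, `effect-123a3936-f020-408a-ba0c-47873faf1534`). Whether the groups the removed policies were mapped to (U.09.3, C.04.3, C.04.6, C.04.7 and U.15.1 in this file) keep equivalent coverage from another definition cannot be seen from these hunks, and is worth confirming before the new version is used as compliance evidence.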
@@ -6834,22 +6836,6 @@ "U.15.1 - Events logged" ] }, - { - "policyDefinitionReferenceId": "VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4')]" - } - }, - "groupNames": [ - "U.09.3 - Detection, prevention and recovery", - "C.04.3 - Timelines", - "C.04.6 - Timelines", - "C.04.7 - Evaluated" - ] - }, { "policyDefinitionReferenceId": "AzureDefenderForAzureSQLDatabaseServersShouldBeEnabled", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2", @@ -8131,19 +8117,6 @@ "U.15.1 - Events logged" ] }, - { - "policyDefinitionReferenceId": "AutoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscription", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-475aae12-b88a-4572-8b36-9b712b2b3a17')]" - } - }, - "groupNames": [ - "U.15.1 - Events logged" - ] - }, { "policyDefinitionReferenceId": "ResourceLogsInEventHubShouldBeEnabled", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a", @@ -8477,6 +8450,7 @@ } ], "versions": [ + "1.8.0", "1.7.0", "1.6.0", "1.5.1", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NZ_ISM_Restricted_v3_5.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NZ_ISM_Restricted_v3_5.json index 555086f34..ab1688ccc 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NZ_ISM_Restricted_v3_5.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NZ_ISM_Restricted_v3_5.json 
@@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of New Zealand Information Security Manual v3.5 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nzism-initiative. ", "metadata": { - "version": "2.12.0-deprecated", + "version": "2.13.0-deprecated", "category": "Regulatory Compliance", "deprecated": true }, - "version": "2.12.0", + "version": "2.13.0", "policyDefinitionGroups": [ { "name": "NZ_ISM_v3.5_AC-1", @@ -1693,24 +1693,6 @@ "NZ_ISM_v3.5_SS-3" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "parameters": {}, - "groupNames": [ - "NZ_ISM_v3.5_SS-5" - ] - }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "parameters": {}, - "groupNames": [ - "NZ_ISM_v3.5_SS-5" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9", "definitionVersion": "2.*.*", 
@@ -2089,24 +2071,6 @@ "NZ_ISM_v3.5_ISI-2" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "parameters": {}, - "groupNames": [ - "NZ_ISM_v3.5_ISM-4" - ] - }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "parameters": {}, - "groupNames": [ - "NZ_ISM_v3.5_ISM-4" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", "definitionVersion": "1.*.*", @@ -2808,15 +2772,6 @@ "NZ_ISM_v3.5_GS-3" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "parameters": {}, - "groupNames": [ - "NZ_ISM_v3.5_GS-5" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4b90e17e-8448-49db-875e-bd83fb6f804f", "definitionVersion": "1.*.*", @@ -3058,15 +3013,6 @@ "NZ_ISM_v3.5_CR-8" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "parameters": {}, - "groupNames": [ - "NZ_ISM_v3.5_AC-17" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9", "definitionVersion": "2.*.*", @@ -3151,6 +3097,7 @@ } ], "versions": [ + "2.13.0", "2.12.0", "2.11.0", "2.10.0", 
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NewZealand_ISM.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NewZealand_ISM.json index 0027cd310..83a43d29c 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NewZealand_ISM.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NewZealand_ISM.json @@ -5,10 +5,10 @@ "description": "New Zealand Information Security Manual (ISM) policy initiative. This policy set includes definitions that have a Deny effect by default", "metadata": { "category": "Regulatory Compliance", - "version": "1.1.0-preview", + "version": "1.2.0-preview", "preview": true }, - "version": "1.1.0-preview", + "version": "1.2.0-preview", "policyDefinitionGroups": [ { "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/New_Zealand_ISM_06.2.5.C.01", @@ -626,15 +626,6 @@ "definitionVersion": "1.*.*", "parameters": {} }, - { - "policyDefinitionReferenceId": "Vulnerabilities in container security configurations should be remediated", - "groupNames": [ - "New_Zealand_ISM_06.2.6.C.01" - ], - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {} - }, { "policyDefinitionReferenceId": "Vulnerabilities in security configuration on your machines should be remediated", "groupNames": [ @@ -644,15 +635,6 @@ "definitionVersion": "3.*.*", "parameters": {} }, - { - "policyDefinitionReferenceId": "Vulnerabilities in security configuration on your virtual machine scale sets should be remediated", - "groupNames": [ - "New_Zealand_ISM_06.2.6.C.01" - ], - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {} - }, { "policyDefinitionReferenceId": "Machines should have secret findings resolved", "groupNames": [ 
@@ -1513,24 +1495,6 @@ } } }, - { - "policyDefinitionReferenceId": "Adaptive application controls for defining safe applications should be enabled on your machines", - "groupNames": [ - "New_Zealand_ISM_14.2.4.C.01" - ], - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {} - }, - { - "policyDefinitionReferenceId": "Allowlist rules in your adaptive application control policy should be updated", - "groupNames": [ - "New_Zealand_ISM_14.2.4.C.01" - ], - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {} - }, { "policyDefinitionReferenceId": "App Service apps should have authentication enabled", "groupNames": [ @@ -2118,15 +2082,6 @@ "definitionVersion": "1.*.*", "parameters": {} }, - { - "policyDefinitionReferenceId": "Adaptive network hardening recommendations should be applied on internet facing virtual machines", - "groupNames": [ - "New_Zealand_ISM_18.1.10.C.01" - ], - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {} - }, { "policyDefinitionReferenceId": "All network ports should be restricted on network security groups associated to your virtual machine", "groupNames": [ @@ -2656,15 +2611,6 @@ } } }, - { - "policyDefinitionReferenceId": "Auto provisioning of the Log Analytics agent should be enabled on your subscription", - "groupNames": [ - "New_Zealand_ISM_23.5.11.C.01" - ], - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {} - }, { "policyDefinitionReferenceId": "Disconnections should be logged for PostgreSQL database servers.", "groupNames": [ 
@@ -2859,6 +2805,7 @@ } ], "versions": [ + "1.2.0-PREVIEW", "1.1.0-PREVIEW", "1.0.0-PREVIEW" ] diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_Banks_v2016.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_Banks_v2016.json index ed975f894..6c9d54d13 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_Banks_v2016.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_Banks_v2016.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of Reserve Bank of India IT Framework for Banks controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/rbiitfbanks-initiative.", "metadata": { - "version": "1.14.0-preview", + "version": "1.15.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "1.14.0-preview", + "version": "1.15.0-preview", "policyDefinitionGroups": [ { "name": "RBI_CSF_Banks_v2016_9.1", @@ -746,20 +746,6 @@ } }, "policyDefinitions": [ - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "parameters": {}, - "groupNames": [ - "RBI_CSF_Banks_v2016_2.2", - "RBI_CSF_Banks_v2016_13.3", - "RBI_CSF_Banks_v2016_14.1", - "RBI_CSF_Banks_v2016_2.1", - "RBI_CSF_Banks_v2016_4.2", - "RBI_CSF_Banks_v2016_13.1" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9", "definitionVersion": "2.*.*", 
@@ -925,20 +911,6 @@ "RBI_CSF_Banks_v2016_13.4" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "parameters": {}, - "groupNames": [ - "RBI_CSF_Banks_v2016_2.3", - "RBI_CSF_Banks_v2016_7.1", - "RBI_CSF_Banks_v2016_5.2", - "RBI_CSF_Banks_v2016_7.2", - "RBI_CSF_Banks_v2016_18.4", - "RBI_CSF_Banks_v2016_7.6" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc", "definitionVersion": "4.*.*", @@ -1043,23 +1015,6 @@ "RBI_CSF_Banks_v2016_18.4" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "parameters": {}, - "groupNames": [ - "RBI_CSF_Banks_v2016_7.1", - "RBI_CSF_Banks_v2016_6.3", - "RBI_CSF_Banks_v2016_6.7", - "RBI_CSF_Banks_v2016_18.4", - "RBI_CSF_Banks_v2016_6.1", - "RBI_CSF_Banks_v2016_6.6", - "RBI_CSF_Banks_v2016_7.6", - "RBI_CSF_Banks_v2016_2.3", - "RBI_CSF_Banks_v2016_7.2" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a", "definitionVersion": "1.*.*", 
@@ -1179,20 +1134,6 @@ "RBI_CSF_Banks_v2016_13.4" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "parameters": {}, - "groupNames": [ - "RBI_CSF_Banks_v2016_13.3", - "RBI_CSF_Banks_v2016_2.1", - "RBI_CSF_Banks_v2016_4.2", - "RBI_CSF_Banks_v2016_2.2", - "RBI_CSF_Banks_v2016_13.1", - "RBI_CSF_Banks_v2016_14.1" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", "definitionVersion": "1.*.*", @@ -1333,21 +1274,6 @@ "RBI_CSF_Banks_v2016_10.2" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "parameters": {}, - "groupNames": [ - "RBI_CSF_Banks_v2016_10.1", - "RBI_CSF_Banks_v2016_13.4", - "RBI_CSF_Banks_v2016_4.7", - "RBI_CSF_Banks_v2016_4.10", - "RBI_CSF_Banks_v2016_13.3", - "RBI_CSF_Banks_v2016_10.2", - "RBI_CSF_Banks_v2016_4.3" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9", "definitionVersion": "2.*.*", @@ -2639,6 +2565,7 @@ } ], "versions": [ + "1.15.0-PREVIEW", "1.14.0-PREVIEW", "1.13.0-PREVIEW", "1.12.0-PREVIEW", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_NBFC_v2017.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_NBFC_v2017.json index 47e16d5e4..66c3e12f3 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_NBFC_v2017.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_NBFC_v2017.json 
@@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of Reserve Bank of India IT Framework for Non-Banking Financial Companies (NBFC) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/rbiitfnbfc-initiative.", "metadata": { - "version": "2.10.0-preview", + "version": "2.11.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "2.10.0-preview", + "version": "2.11.0-preview", "policyDefinitionGroups": [ { "name": "RBI_ITF_NBFC_v2017_6", @@ -806,15 +806,6 @@ "RBI_ITF_NBFC_v2017_5" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "parameters": {}, - "groupNames": [ - "RBI_ITF_NBFC_v2017_2" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c", "definitionVersion": "3.*.*", @@ -1322,15 +1313,6 @@ "RBI_ITF_NBFC_v2017_4.2" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "parameters": {}, - "groupNames": [ - "RBI_ITF_NBFC_v2017_3.1.g" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193", "definitionVersion": "2.*.*", 
@@ -1396,26 +1378,6 @@ "RBI_ITF_NBFC_v2017_4.4b" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "parameters": {}, - "groupNames": [ - "RBI_ITF_NBFC_v2017_3.3", - "RBI_ITF_NBFC_v2017_1" - ] - }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "parameters": {}, - "groupNames": [ - "RBI_ITF_NBFC_v2017_3.3", - "RBI_ITF_NBFC_v2017_1" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570", "definitionVersion": "2.*.*", @@ -1911,15 +1873,6 @@ "RBI_ITF_NBFC_v2017_3.1.c" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "parameters": {}, - "groupNames": [ - "RBI_ITF_NBFC_v2017_2" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71", "definitionVersion": "2.*.*", @@ -2183,6 +2136,7 @@ } ], "versions": [ + "2.11.0-PREVIEW", "2.10.0-PREVIEW", "2.9.0-PREVIEW", "2.8.0-PREVIEW", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/RMIT_Malaysia.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/RMIT_Malaysia.json index 6aa947424..8d3212597 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/RMIT_Malaysia.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/RMIT_Malaysia.json 
@@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of RMIT requirements. Additional policies will be added in upcoming releases. For more information, visit aka.ms/rmit-initiative.", "metadata": { - "version": "9.10.0", + "version": "9.11.0", "category": "Regulatory Compliance" }, - "version": "9.10.0", + "version": "9.11.0", "policyDefinitionGroups": [ { "name": "RMiT_v1.0_10.1", @@ -3867,16 +3867,6 @@ "RMiT_v1.0_10.33" ] }, - { - "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "RMiT_v1.0_10.49", - "RMiT_v1.0_10.51" - ] - }, { "policyDefinitionReferenceId": "0b15565f-aa9e-48ba-8619-45960f2c314d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d", @@ -3904,15 +3894,6 @@ "RMiT_v1.0_10.19" ] }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "RMiT_v1.0_11.17" - ] - }, { "policyDefinitionReferenceId": "22730e10-96f6-4aac-ad84-9383d35b5917", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917", 
@@ -3940,34 +3921,6 @@ "RMiT_v1.0_11.5" ] }, - { - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "RMiT_v1.0_10.65" - ] - }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "RMiT_v1.0_11.18", - "RMiT_v1.0_Appendix_5.7" - ] - }, - { - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "RMiT_v1.0_Appendix_5.2" - ] - }, { "policyDefinitionReferenceId": "4da35fc9-c9e7-4960-aec9-797fe7d9051d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d", @@ -4245,15 +4198,6 @@ "RMiT_v1.0_Appendix_5.7" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "RMiT_v1.0_Appendix_5.7" - ] - }, { "policyDefinitionReferenceId": "0cfea604-3201-4e14-88fc-fae4c427a6c5", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", @@ -4885,6 +4829,7 @@ } ], "versions": [ + "9.11.0", "9.10.0", "9.9.0", "9.8.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/SOC_2.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/SOC_2.json index e2f675b7f..65f607bf5 100644 
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/SOC_2.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/SOC_2.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "A System and Organization Controls (SOC) 2 is a report based on the Trust Service Principles and Criteria established by the American Institute of Certified Public Accountants (AICPA). The Report evaluates an organization's information system relevant to the following principles: security, availability, processing integrity, confidentiality and privacy. These policies address a subset of SOC 2 Type 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-soc-2", "metadata": { - "version": "1.8.0", + "version": "1.9.0", "category": "Regulatory Compliance" }, - "version": "1.8.0", + "version": "1.9.0", "policyDefinitionGroups": [ { "name": "SOC_2_A1.1", @@ -536,14 +536,15 @@ }, "effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive network hardening recommendations should be applied on internet facing virtual machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-f9d614c5-c173-4d56-95a7-b4437057d193": { 
@@ -2570,26 +2571,28 @@ }, "effect-47a6b606-51aa-4496-8bb7-64b11cf66adc": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive application controls for defining safe applications should be enabled on your machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-123a3936-f020-408a-ba0c-47873faf1534": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Allowlist rules in your adaptive application control policy should be updated", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": { @@ -4081,21 +4084,6 @@ "SOC_2_CC6.7" ] }, - { - "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6')]" - } - }, - "groupNames": [ - "SOC_2_CC6.1", - "SOC_2_CC6.6", - "SOC_2_CC6.7" - ] - }, { "policyDefinitionReferenceId": "59bedbdc-0ba9-39b9-66bb-1d1c192384e6", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/59bedbdc-0ba9-39b9-66bb-1d1c192384e6", 
@@ -5908,34 +5896,6 @@ "SOC_2_CC8.1" ] }, - { - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-47a6b606-51aa-4496-8bb7-64b11cf66adc')]" - } - }, - "groupNames": [ - "SOC_2_CC6.8", - "SOC_2_CC7.1" - ] - }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-123a3936-f020-408a-ba0c-47873faf1534')]" - } - }, - "groupNames": [ - "SOC_2_CC6.8", - "SOC_2_CC7.1" - ] - }, { "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", @@ -6859,6 +6819,7 @@ } ], "versions": [ + "1.9.0", "1.8.0", "1.7.0", "1.6.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2021.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2021.json index fcc1d6866..341c4f3c5 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2021.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2021.json 
@@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of the SWIFT Customer Security Program's Customer Security Controls Framework v2021 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift2021-init.", "metadata": { - "version": "4.8.0-preview", + "version": "4.9.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "4.8.0-preview", + "version": "4.9.0-preview", "policyDefinitionGroups": [ { "name": "SWIFT_CSCF_v2021_1.1", @@ -504,15 +504,6 @@ } }, "policyDefinitions": [ - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2021_1.1" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c", "definitionVersion": "3.*.*", @@ -801,15 +792,6 @@ "SWIFT_CSCF_v2021_2.7" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2021_2.7" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4", "definitionVersion": "1.*.*", 
@@ -967,15 +949,6 @@ "SWIFT_CSCF_v2021_6.4" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2021_6.4" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb", "definitionVersion": "5.*.*", @@ -1052,16 +1025,6 @@ "SWIFT_CSCF_v2021_6.2" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2021_6.5A", - "SWIFT_CSCF_v2021_1.1" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446", "definitionVersion": "1.*.*", @@ -1203,15 +1166,6 @@ "SWIFT_CSCF_v2021_2.6" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2021_2.7" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9", "definitionVersion": "3.*.*", @@ -1986,6 +1940,7 @@ } ], "versions": [ + "4.9.0-PREVIEW", "4.8.0-PREVIEW", "4.7.0-PREVIEW", "4.6.0-PREVIEW", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2022.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2022.json index 01e06d9e7..b30eb4bee 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2022.json 
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2022.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "SWIFT's Customer Security Programme (CSP) helps financial institutions ensure their defences against cyberattacks are up to date and effective, to protect the integrity of the wider financial network. Users compare the security measures they have implemented with those detailed in the Customer Security Controls Framework (CSCF). These policies address a subset of SWIFT controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/swift-cscf-v2021", "metadata": { - "version": "2.5.0", + "version": "2.6.0", "category": "Regulatory Compliance" }, - "version": "2.5.0", + "version": "2.6.0", "policyDefinitionGroups": [ { "name": "SWIFT_CSCF_v2022_1.1", @@ -593,15 +593,6 @@ "SWIFT_CSCF_v2022_1.5A" ] }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2022_1.1" - ] - }, { "policyDefinitionReferenceId": "34c877ad-507e-4c82-993e-3452a6e0ad3c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c", 
@@ -647,27 +638,6 @@ "SWIFT_CSCF_v2022_1.5A" ] }, - { - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2022_1.1", - "SWIFT_CSCF_v2022_1.5A" - ] - }, - { - "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2022_1.1", - "SWIFT_CSCF_v2022_1.5A", - "SWIFT_CSCF_v2022_6.5A" - ] - }, { "policyDefinitionReferenceId": "2d21331d-a4c2-4def-a9ad-ee4e1e023beb", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb", @@ -1847,15 +1817,6 @@ "SWIFT_CSCF_v2022_2.7" ] }, - { - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2022_2.7" - ] - }, { "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4", @@ -1918,15 +1879,6 @@ "SWIFT_CSCF_v2022_2.7" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2022_2.7" - ] - }, { "policyDefinitionReferenceId": "4e45863d-9ea9-32b4-a204-2680bc6007a6", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4e45863d-9ea9-32b4-a204-2680bc6007a6", 
@@ -2909,15 +2861,6 @@ "SWIFT_CSCF_v2022_6.4" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2022_6.4" - ] - }, { "policyDefinitionReferenceId": "34f95f76-5386-4de7-b824-0d8478470c9d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d", @@ -3898,6 +3841,7 @@ } ], "versions": [ + "2.6.0", "2.5.0", "2.4.0", "2.3.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFTv2020_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFTv2020_audit.json index 468953b2b..30e198faf 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFTv2020_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFTv2020_audit.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes audit and virtual machine extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift2020-init.", "metadata": { - "version": "6.2.0-preview", + "version": "6.3.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "6.2.0-preview", + "version": "6.3.0-preview", "parameters": { "IncludeArcMachines": { "type": "string", 
@@ -247,12 +247,6 @@ "definitionVersion": "3.*.*", "parameters": {} }, - { - "policyDefinitionReferenceId": "VulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {} - }, { "policyDefinitionReferenceId": "RemoteDebuggingShouldBeTurnedOffForFunctionApp", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9", @@ -393,12 +387,6 @@ "definitionVersion": "3.*.*", "parameters": {} }, - { - "policyDefinitionReferenceId": "AdaptiveApplicationControlsShouldBeEnabledOnVirtualMachines", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {} - }, { "policyDefinitionReferenceId": "JustInTimeNetworkAccessControlShouldBeAppliedOnVirtualMachines", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", @@ -518,12 +506,6 @@ } } }, - { - "policyDefinitionReferenceId": "NetworkSecurityGroupRulesForInternetFacingVirtualMachinesShouldBeHardened", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {} - }, { "policyDefinitionReferenceId": "PreviewAuditDependencyAgentDeploymentInVmssVmImageOsUnlisted", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10", @@ -580,6 +562,7 @@ } ], "versions": [ + "6.3.0-PREVIEW", "6.2.0-PREVIEW", "6.1.0-PREVIEW" ] diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/Spain_ENS.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/Spain_ENS.json index 26e236791..bce47c9b3 100644 
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/Spain_ENS.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/Spain_ENS.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address National Security Scheme (ENS) controls specifically for the 'CCN-STIC 884'. This policy set includes definitions that have a Deny effect by default.", "metadata": { - "version": "1.2.0", + "version": "1.3.0", "category": "Regulatory Compliance" }, - "version": "1.2.0", + "version": "1.3.0", "policyDefinitionGroups": [ { "name": "org.1 Security policy", @@ -5895,19 +5895,6 @@ ], "definitionVersion": "1.*.*" }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "policyDefinitionReferenceId": "AdaptiveApplicationControlsForDefiningSafeApplicationsShouldBeEnabledOnYourMachines", - "parameters": { - "effect": { - "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" - } - }, - "groupNames": [ - "org.4 Authorization process" - ], - "definitionVersion": "3.*.*" - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/575ed5e8-4c29-99d0-0e4d-689fb1d29827", "policyDefinitionReferenceId": "AutomateApprovalRequestForProposedChanges", @@ -15228,6 +15215,7 @@ } ], "versions": [ + "1.3.0", "1.2.0", "1.1.0", "1.0.0" diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_audit.json index 059417302..b276d9019 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_audit.json 
@@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative has been deprecated. The Azure Security Benchmark initiative now represents the Azure Security Benchmark v2 controls, and serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center.", "metadata": { - "version": "14.4.0-deprecated", + "version": "14.5.0-deprecated", "deprecated": true, "category": "Regulatory Compliance" }, - "version": "14.4.0", + "version": "14.5.0", "policyDefinitionGroups": [ { "name": "Azure_Security_Benchmark_v1.0_1.1", @@ -658,16 +658,6 @@ "Azure_Security_Benchmark_v1.0_1.3" ] }, - { - "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "Azure_Security_Benchmark_v1.0_1.1", - "Azure_Security_Benchmark_v1.0_1.4" - ] - }, { "policyDefinitionReferenceId": "09024ccc-0c5f-475e-9457-b7c0d9ed487b", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b", @@ -934,17 +924,6 @@ "Azure_Security_Benchmark_v1.0_2.3" ] }, - { - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "Azure_Security_Benchmark_v1.0_5.5", - "Azure_Security_Benchmark_v1.0_7.4", - "Azure_Security_Benchmark_v1.0_7.10" - ] - }, { "policyDefinitionReferenceId": "404c3081-a854-4457-ae30-26a93ef643f9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9", 
@@ -973,26 +952,6 @@ "Azure_Security_Benchmark_v1.0_2.3" ] }, - { - "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": {}, - "groupNames": [ - "Azure_Security_Benchmark_v1.0_2.2", - "Azure_Security_Benchmark_v1.0_2.4" - ] - }, - { - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "Azure_Security_Benchmark_v1.0_6.8", - "Azure_Security_Benchmark_v1.0_6.10" - ] - }, { "policyDefinitionReferenceId": "48af4db5-9b8b-401c-8e74-076be876a430", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", @@ -1533,17 +1492,6 @@ "Azure_Security_Benchmark_v1.0_4.4" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "Azure_Security_Benchmark_v1.0_5.5", - "Azure_Security_Benchmark_v1.0_7.4", - "Azure_Security_Benchmark_v1.0_7.10" - ] - }, { "policyDefinitionReferenceId": "ea4d6841-2173-4317-9747-ff522a45120f", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f", @@ -1756,6 +1704,7 @@ } ], "versions": [ + "14.5.0", "14.4.0", "14.3.0", "14.2.0" diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_v2.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_v2.json index b70941178..02c75727d 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_v2.json 
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_v2.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative has been deprecated. The Azure Security Benchmark v2 policy set is now represented in the consolidated Azure Security Benchmark initiative, which also serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center", "metadata": { - "version": "11.8.0-deprecated", + "version": "11.9.0-deprecated", "deprecated": true, "category": "Regulatory Compliance" }, - "version": "11.8.0", + "version": "11.9.0", "policyDefinitionGroups": [ { "name": "Azure_Security_Benchmark_v2.0_NS-1", @@ -391,14 +391,15 @@ }, "effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive Network Hardening recommendations should be applied on internet facing virtual machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-55615ac9-af46-4a59-874e-391cc3dfb490": { @@ -1655,14 +1656,15 @@ }, "effect-47a6b606-51aa-4496-8bb7-64b11cf66adc": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive application controls for defining safe applications should be enabled on your machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-0e6763cc-5078-4e64-889d-ff4d9a839047": { 
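Review bot: In the `@@ -391` hunk, `effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6` keeps `AuditIfNotExists` in `allowedValues` and an unchanged `displayName`, while the `@@ -3229` hunk of this file removes the visible policy reference that read it. An assignment that still passes `AuditIfNotExists` would therefore be accepted and, as far as this diff shows, evaluate nothing; only the `"deprecated": true` metadata flag says so, which is easy to miss in an assignment review or an exported parameter file. I would put it in the text as well, for example `"description": "Deprecated: this parameter is no longer referenced by any policy in this initiative and has no effect. For more information about effects, visit https://aka.ms/policyeffects"`. The same applies to the `@@ -1655`, `@@ -2054` and `@@ -2706` hunks of asb_v2.json and to the parameter hunks in nz_ism.json. Because the matching references are dropped from groups such as `Azure_Security_Benchmark_v2.0_PV-4` and `Azure_Security_Benchmark_v2.0_LT-5`, anyone relying on those audits should confirm which remaining policy, if any, still covers the control.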
@@ -2054,14 +2056,15 @@
 },
 "effect-475aae12-b88a-4572-8b36-9b712b2b3a17": {
 "type": "String",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Effect for policy: Automatic provisioning of the Log Analytics monitoring agent should be enabled on your subscription",
- "description": "For more information about effects, visit https://aka.ms/policyeffects"
+ "description": "For more information about effects, visit https://aka.ms/policyeffects",
+ "deprecated": true
 }
 },
 "effect-d62cfe2b-3ab0-4d41-980d-76803b58ca65": {
@@ -2706,26 +2709,28 @@
 },
 "effect-e8cbc669-f12d-49eb-93e7-9273119e9933": {
 "type": "String",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Effect for policy: Vulnerabilities in container security configurations should be remediated",
- "description": "For more information about effects, visit https://aka.ms/policyeffects"
+ "description": "For more information about effects, visit https://aka.ms/policyeffects",
+ "deprecated": true
 }
 },
 "effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4": {
 "type": "String",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Effect for policy: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated",
- "description": "For more information about effects, visit https://aka.ms/policyeffects"
+ "description": "For more information about effects, visit https://aka.ms/policyeffects",
+ "deprecated": true
 }
 },
 "effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9": {
@@ -3229,20 +3234,6 @@ "Azure_Security_Benchmark_v2.0_NS-4" ] }, - { - "policyDefinitionReferenceId": "adaptiveNetworkHardeningRecommendationsShouldBeAppliedOnInternetFacingVirtualMachines", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v2.0_NS-1", - "Azure_Security_Benchmark_v2.0_NS-4" - ] - }, { "policyDefinitionReferenceId": "firewallShouldBeEnabledOnKeyVault", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490", @@ -4297,19 +4288,6 @@ "Azure_Security_Benchmark_v2.0_AM-3" ] }, - { - "policyDefinitionReferenceId": "adaptiveApplicationControlsForDefiningSafeApplicationsShouldBeEnabledOnYourMachines", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-47a6b606-51aa-4496-8bb7-64b11cf66adc')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v2.0_AM-6" - ] - }, { "policyDefinitionReferenceId": "azureDefenderForKeyVaultShouldBeEnabled", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047", 
@@ -4635,19 +4613,6 @@ "Azure_Security_Benchmark_v2.0_LT-4" ] }, - { - "policyDefinitionReferenceId": "autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscription", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", - "definitionVersion": "1.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-475aae12-b88a-4572-8b36-9b712b2b3a17')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v2.0_LT-5" - ] - }, { "policyDefinitionReferenceId": "logAnalyticsAgentShouldBeInstalledOnYourLinuxAzureArcMachines", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/842c54e8-c2f9-4d79-ae8d-38d8b8019373", @@ -5085,32 +5050,6 @@ "Azure_Security_Benchmark_v2.0_PV-4" ] }, - { - "policyDefinitionReferenceId": "vulnerabilitiesInContainerSecurityConfigurationsShouldBeRemediated", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-e8cbc669-f12d-49eb-93e7-9273119e9933')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v2.0_PV-4" - ] - }, - { - "policyDefinitionReferenceId": "vulnerabilitiesInSecurityConfigurationOnYourVirtualMachineScaleSetsShouldBeRemediated", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v2.0_PV-4" - ] - }, { "policyDefinitionReferenceId": "vulnerabilityAssessmentShouldBeEnabledOnYourSQLServers", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9", @@ -5360,6 +5299,7 @@ } ], "versions": [ + "11.9.0", "11.8.0", "11.7.0", "11.6.0", 
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/nz_ism.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/nz_ism.json index d1d8c351f..b5a6048ba 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/nz_ism.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/nz_ism.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of New Zealand Information Security Manual controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nzism-initiative.", "metadata": { - "version": "11.9.0-deprecated", + "version": "11.10.0-deprecated", "category": "Regulatory Compliance", "deprecated": true }, - "version": "11.9.0", + "version": "11.10.0", "policyDefinitionGroups": [ { "name": "NZISM_Security_Benchmark_v1.1_AC-1", @@ -657,14 +657,15 @@ }, "effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive network hardening recommendations should be applied on internet facing virtual machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b": { 
@@ -860,14 +861,15 @@ }, "effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "IncludeArcMachines-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2": { @@ -930,14 +932,15 @@ }, "effect-47a6b606-51aa-4496-8bb7-64b11cf66adc": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Adaptive application controls for defining safe applications should be enabled on your machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-4f11b553-d42e-4e3a-89be-32ca364cad4c": { @@ -1527,14 +1530,15 @@ }, "effect-e8cbc669-f12d-49eb-93e7-9273119e9933": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Vulnerabilities in container security configurations should be remediated", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e": { 
@@ -2186,14 +2190,15 @@ }, "effect-123a3936-f020-408a-ba0c-47873faf1534": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Allowlist rules in your adaptive application control policy should be updated", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef": { @@ -3035,19 +3040,6 @@ } }, "policyDefinitions": [ - { - "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6')]" - } - }, - "groupNames": [ - "NZISM_Security_Benchmark_v1.1_GS-5" - ] - }, { "policyDefinitionReferenceId": "09024ccc-0c5f-475e-9457-b7c0d9ed487b", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b", @@ -3202,19 +3194,6 @@ "NZISM_Security_Benchmark_v1.1_SS-3" ] }, - { - "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4')]" - } - }, - "groupNames": [ - "NZISM_Security_Benchmark_v1.1_ISM-4" - ] - }, { "policyDefinitionReferenceId": "3d2a3320-2a72-4c67-ac5f-caa40fbee2b2", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2", 
@@ -3260,19 +3239,6 @@ "NZISM_Security_Benchmark_v1.1_NS-7" ] }, - { - "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-47a6b606-51aa-4496-8bb7-64b11cf66adc')]" - } - }, - "groupNames": [ - "NZISM_Security_Benchmark_v1.1_SS-5" - ] - }, { "policyDefinitionReferenceId": "4f11b553-d42e-4e3a-89be-32ca364cad4c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c", @@ -3581,19 +3547,6 @@ "NZISM_Security_Benchmark_v1.1_AC-3" ] }, - { - "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-e8cbc669-f12d-49eb-93e7-9273119e9933')]" - } - }, - "groupNames": [ - "NZISM_Security_Benchmark_v1.1_ISM-4" - ] - }, { "policyDefinitionReferenceId": "ea53dbee-c6c9-4f0e-9f9e-de0039b78023", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023", @@ -4092,19 +4045,6 @@ "NZISM_Security_Benchmark_v1.1_AC-17" ] }, - { - "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-123a3936-f020-408a-ba0c-47873faf1534')]" - } - }, - "groupNames": [ - "NZISM_Security_Benchmark_v1.1_SS-5" - ] - }, { "policyDefinitionReferenceId": "0da106f2-4ca3-48e8-bc85-c638fe6aea8f", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f", 
@@ -4710,6 +4650,7 @@ } ], "versions": [ + "11.10.0", "11.9.0", "11.8.0", "11.7.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/ukofficial_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/ukofficial_audit.json index 863cb0946..a3d5f9a11 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/ukofficial_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/ukofficial_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes audit and virtual machine extension deployment policies that address a subset of UK OFFICIAL and UK NHS controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/ukofficial-init and https://aka.ms/uknhs-init.", "metadata": { - "version": "9.3.0", + "version": "9.4.0", "category": "Regulatory Compliance" }, - "version": "9.3.0", + "version": "9.4.0", "policyDefinitionGroups": [ { "name": "UK_NCSC_CSP_1", @@ -447,16 +447,6 @@ "UK_NCSC_CSP_5.2" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorPossibleAppWhitelistingInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "UK_NCSC_CSP_5.3", - "UK_NCSC_CSP_11" - ] - }, { "policyDefinitionReferenceId": "PreviewMonitorSQLVulnerabilityAssessmentResultsInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc", 
@@ -656,15 +646,6 @@ "UK_NCSC_CSP_5.2" ] }, - { - "policyDefinitionReferenceId": "PreviewAuditOSVulnerabilitiesOnYourVirtualMachineScaleSetsInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "UK_NCSC_CSP_5.2" - ] - }, { "policyDefinitionReferenceId": "AuditVirtualMachinesWithoutDisasterRecoveryConfigured", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56", @@ -692,15 +673,6 @@ "UK_NCSC_CSP_11" ] }, - { - "policyDefinitionReferenceId": "MonitorInternetFacingVirtualMachinesForNetworkSecurityGroupTrafficHardeningRecommendations", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "UK_NCSC_CSP_11" - ] - }, { "policyDefinitionReferenceId": "MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", @@ -748,6 +720,7 @@ } ], "versions": [ + "9.4.0", "9.3.0", "9.2.0", "9.1.0" diff --git a/built-in-policies/policySetDefinitions/Security Center/AzureSecurityCenter.json b/built-in-policies/policySetDefinitions/Security Center/AzureSecurityCenter.json index 9d1cbc67f..6ee18d061 100644 --- a/built-in-policies/policySetDefinitions/Security Center/AzureSecurityCenter.json +++ b/built-in-policies/policySetDefinitions/Security Center/AzureSecurityCenter.json 
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "The Microsoft cloud security benchmark initiative represents the policies and controls implementing security recommendations defined in Microsoft cloud security benchmark, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud.",
 "metadata": {
- "version": "57.43.0",
+ "version": "57.44.0",
 "category": "Security Center"
 },
- "version": "57.43.0",
+ "version": "57.44.0",
 "policyDefinitionGroups": [
 {
 "name": "Azure_Security_Benchmark_v3.0_NS-1",
@@ -550,14 +550,15 @@
 },
 "vmssOsVulnerabilitiesMonitoringEffect": {
 "type": "string",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Vulnerabilities in security configuration on your virtual machine scale sets should be remediated",
- "description": "Enable or disable virtual machine scale sets OS vulnerabilities monitoring"
+ "description": "Enable or disable virtual machine scale sets OS vulnerabilities monitoring",
+ "deprecated": true
 }
 },
 "systemUpdatesMonitoringEffect": {
@@ -784,26 +785,28 @@
 },
 "adaptiveApplicationControlsMonitoringEffect": {
 "type": "string",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Adaptive application controls for defining safe applications should be enabled on your machines",
- "description": "Enable or disable application controls to define the list of known-safe applications running on your machines, and alert you when other applications run"
+ "description": "Enable or disable application controls to define the list of known-safe applications running on your machines, and alert you when other applications run",
+ "deprecated": true
 }
 },
 "adaptiveApplicationControlsUpdateMonitoringEffect": {
 "type": "string",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Allowlist rules in your adaptive application control policy should be updated",
- "description": "Enable or disable the monitoring for changes in behavior on groups of machines configured for auditing by Microsoft Defender for Cloud's adaptive application controls"
+ "description": "Enable or disable the monitoring for changes in behavior on groups of machines configured for auditing by Microsoft Defender for Cloud's adaptive application controls",
+ "deprecated": true
 }
 },
 "sqlAuditingMonitoringEffect": {
@@ -2287,14 +2290,15 @@
 },
 "adaptiveNetworkHardeningsMonitoringEffect": {
 "type": "string",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Adaptive network hardening recommendations should be applied on internet facing virtual machines",
- "description": "Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations"
+ "description": "Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations",
+ "deprecated": true
 }
 },
 "restrictAccessToManagementPortsMonitoringEffect": {
@@ -2388,14 +2392,15 @@
 },
 "containerBenchmarkMonitoringEffect": {
 "type": "string",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Vulnerabilities in container security configurations should be remediated",
- "description": "Enable or disable container benchmark monitoring"
+ "description": "Enable or disable container benchmark monitoring",
+ "deprecated": true
 }
 },
 "ASCDependencyAgentAuditWindowsEffect": {
@@ -4775,14 +4780,15 @@
 },
 "autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect": {
 "type": "string",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Auto provisioning of the Log Analytics agent should be enabled on your subscription",
- "description": "To monitor for security vulnerabilities and threats, Microsoft Defender for Cloud collects data from your Azure virtual machines. Data is collected by the Log Analytics agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads various security-related configurations and event logs from the machine and copies the data to your Log Analytics workspace for analysis. We recommend enabling auto provisioning to automatically deploy the agent to all supported Azure VMs and any new ones that are created."
+ "description": "To monitor for security vulnerabilities and threats, Microsoft Defender for Cloud collects data from your Azure virtual machines. Data is collected by the Log Analytics agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads various security-related configurations and event logs from the machine and copies the data to your Log Analytics workspace for analysis. We recommend enabling auto provisioning to automatically deploy the agent to all supported Azure VMs and any new ones that are created.",
+ "deprecated": true
 }
 },
 "emailNotificationForHighSeverityAlertsShouldBeEnabledMonitoringEffect": {
@@ -5590,19 +5596,6 @@
 "Azure_Security_Benchmark_v3.0_DP-6"
 ]
 },
- {
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4",
- "definitionVersion": "3.*.*",
- "policyDefinitionReferenceId": "vmssOsVulnerabilitiesMonitoring",
- "parameters": {
- "effect": {
- "value": "[parameters('vmssOsVulnerabilitiesMonitoringEffect')]"
- }
- },
- "groupNames": [
- "Azure_Security_Benchmark_v3.0_PV-6"
- ]
- },
 {
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe",
 "definitionVersion": "3.*.*",
@@ -6066,32 +6059,6 @@
 "Azure_Security_Benchmark_v3.0_PA-2"
 ]
 },
- {
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc",
- "definitionVersion": "3.*.*",
- "policyDefinitionReferenceId": "adaptiveApplicationControlsMonitoring",
- "parameters": {
- "effect": {
- "value": "[parameters('adaptiveApplicationControlsMonitoringEffect')]"
- }
- },
- "groupNames": [
- "Azure_Security_Benchmark_v3.0_AM-5"
- ]
- },
- {
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534",
- "definitionVersion": "3.*.*",
- "policyDefinitionReferenceId": "adaptiveApplicationControlsUpdateMonitoring",
- "parameters": {
- "effect": {
- "value": "[parameters('adaptiveApplicationControlsUpdateMonitoringEffect')]"
- }
- },
- "groupNames": [
- "Azure_Security_Benchmark_v3.0_AM-5"
- ]
- },
 {
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517",
 "definitionVersion": "3.*.*",
@@ -6576,20 +6543,6 @@
 "Azure_Security_Benchmark_v3.0_PV-5"
 ]
 },
- {
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6",
- "definitionVersion": "3.*.*",
- "policyDefinitionReferenceId": "adaptiveNetworkHardeningsMonitoring",
- "parameters": {
- "effect": {
- "value": "[parameters('adaptiveNetworkHardeningsMonitoringEffect')]"
- }
- },
- "groupNames": [
- "Azure_Security_Benchmark_v3.0_NS-1",
- "Azure_Security_Benchmark_v3.0_NS-7"
- ]
- },
 {
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
 "definitionVersion": "3.*.*",
@@ -6642,20 +6595,6 @@
 "Azure_Security_Benchmark_v3.0_DP-5"
 ]
 },
- {
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933",
- "definitionVersion": "3.*.*",
- "policyDefinitionReferenceId": "containerBenchmarkMonitoring",
- "parameters": {
- "effect": {
- "value": "[parameters('containerBenchmarkMonitoringEffect')]"
- }
- },
- "groupNames": [
- "Azure_Security_Benchmark_v3.0_PV-6",
- "Azure_Security_Benchmark_v3.0_DS-6"
- ]
- },
 {
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d",
 "definitionVersion": "1.*.*-preview",
@@ -7882,19 +7821,6 @@
 "Azure_Security_Benchmark_v3.0_IR-2"
 ]
 },
- {
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17",
- "definitionVersion": "1.*.*",
- "policyDefinitionReferenceId": "autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect",
- "parameters": {
- "effect": {
- "value": "[parameters('autoProvisioningOfTheLogAnalyticsAgentShouldBeEnabledOnYourSubscriptionMonitoringEffect')]"
- }
- },
- "groupNames": [
- "Azure_Security_Benchmark_v3.0_LT-5"
- ]
- },
 {
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899",
 "definitionVersion": "1.*.*",
@@ -8709,6 +8635,7 @@
 }
 ],
 "versions": [
+ "57.44.0",
 "57.43.0",
 "57.42.0",
 "57.41.0",