Azure 备份的 Azure Policy 法规遵从性控制措施Azure Policy Regulatory Compliance controls for Azure Backup
Azure Policy 中的法规符合性为与不同符合性标准相关的“符合域”和“安全控件”提供 Microsoft 创建和管理的计划定义,称为“内置” 。Regulatory Compliance in Azure Policy provides Microsoft created and managed initiative definitions, known as built-ins, for the compliance domains and security controls related to different compliance standards. 此页列出 Azure 备份的“符合域”和“安全控制措施” 。This page lists the compliance domains and security controls for Azure Backup. 可以分别为“安全控件”分配内置项,以帮助 Azure 资源符合特定的标准。You can assign the built-ins for a security control individually to help make your Azure resources compliant with the specific standard.
每个内置策略定义链接(指向 Azure 门户中的策略定义)的标题。The title of each built-in policy definition links to the policy definition in the Azure portal. 使用“策略版本”列中的链接查看 Azure Policy GitHub 存储库上的源。Use the link in the Policy Version column to view the source on the Azure Policy GitHub repo.
重要
下面的每个控件都与一个或多个 Azure Policy 定义关联。Each control below is associated with one or more Azure Policy definitions. 这些策略有助于评估控制的合规性;但是,控制与一个或多个策略之间通常不是一对一或完全匹配。These policies may help you assess compliance with the control; however, there often is not a one-to-one or complete match between a control and one or more policies. 因此,Azure Policy 中的符合性仅引用策略本身;这不确保你完全符合控件的所有要求。As such, Compliant in Azure Policy refers only to the policies themselves; this doesn't ensure you're fully compliant with all requirements of a control. 此外,符合性标准包含目前未由任何 Azure Policy 定义处理的控件。In addition, the compliance standard includes controls that aren't addressed by any Azure Policy definitions at this time. 因此,Azure Policy 中的符合性只是整体符合性状态的部分视图。Therefore, compliance in Azure Policy is only a partial view of your overall compliance status. 这些符合性标准的控制措施和 Azure Policy 法规符合性定义之间的关联可能会随着时间的推移而发生变化。The associations between controls and Azure Policy Regulatory Compliance definitions for these compliance standards may change over time.
Azure 安全基准Azure Security Benchmark
Azure 安全基准提供有关如何在 Azure 上保护云解决方案的建议。The Azure Security Benchmark provides recommendations on how you can secure your cloud solutions on Azure. 若要查看此服务如何完全映射到 Azure 安全基准,请参阅 Azure 安全基准映射文件。To see how this service completely maps to the Azure Security Benchmark, see the Azure Security Benchmark mapping files.
| 域Domain | 控制 IDControl ID | 控制标题Control title | 策略Policy (Azure 门户)(Azure portal) |
策略版本Policy version (GitHub)(GitHub) |
|---|---|---|---|---|
| 数据恢复Data Recovery | 9.19.1 | 确保定期执行自动备份Ensure regular automated back ups | 应为虚拟机启用 Azure 备份Azure Backup should be enabled for Virtual Machines | 1.0.11.0.1 |
| 数据恢复Data Recovery | 9.29.2 | 执行完整的系统备份并备份所有客户管理的密钥Perform complete system backups and backup any customer managed keys | 应为虚拟机启用 Azure 备份Azure Backup should be enabled for Virtual Machines | 1.0.11.0.1 |
HIPAA HITRUST 9.2HIPAA HITRUST 9.2
| 域Domain | 控制 IDControl ID | 控制标题Control title | 策略Policy (Azure 门户)(Azure portal) |
策略版本Policy version (GitHub)(GitHub) |
|---|---|---|---|---|
| 备份Back-up | 1620.09l1Organizational.8 - 09.l1620.09l1Organizational.8 - 09.l | 当第三方提供备份服务时,服务级别协议包含了详细的保护措施,以控制备份信息的机密性、完整性和可用性。When the backup service is delivered by the third party, the service level agreement includes the detailed protections to control confidentiality, integrity and availability of the backup information. | 应为虚拟机启用 Azure 备份Azure Backup should be enabled for Virtual Machines | 1.0.11.0.1 |
| 备份Back-up | 1625.09l3Organizational.34 - 09.l1625.09l3Organizational.34 - 09.l | 三 (3) 个备份(完整备份加上所有相关的增量备份或差异备份)都存储在非现场,并按名称、日期、时间和操作记录现场备份和非现场备份。Three (3) generations of backups (full plus all related incremental or differential backups) are stored off-site, and both on-site and off-site backups are logged with name, date, time and action. | 应为虚拟机启用 Azure 备份Azure Backup should be enabled for Virtual Machines | 1.0.11.0.1 |
| 备份Back-up | 1699.09l1Organizational.10 - 09.l1699.09l1Organizational.10 - 09.l | 确定工作人员在数据备份过程中的角色和职责并告知工作团队;特别是,要求自带设备办公 (BYOD) 的用户在其设备上对组织和/或客户端数据进行备份。Workforce members roles and responsibilities in the data backup process are identified and communicated to the workforce; in particular, Bring Your Own Device (BYOD) users are required to perform backups of organizational and/or client data on their devices. | 应为虚拟机启用 Azure 备份Azure Backup should be enabled for Virtual Machines | 1.0.11.0.1 |
后续步骤Next steps
- 在 Azure Policy GitHub 存储库中查看这些内置项。See the built-ins on the Azure Policy GitHub repo.