Migrer til innovate Summit:
Få mere at vide om, hvordan migrering og modernisering til Azure kan øge din virksomheds ydeevne, robusthed og sikkerhed, hvilket giver dig mulighed for fuldt ud at omfatte AI.Tilmeld dig nu
Denne browser understøttes ikke længere.
Opgrader til Microsoft Edge for at drage fordel af de nyeste funktioner, sikkerhedsopdateringer og teknisk support.
Azure VMware Solution addresses vulnerabilities in the infrastructure
Artikel
At a high level, Azure VMware Solution is an Azure service, so it must follow all the same policies and requirements that Azure follows. Azure policies and procedures dictate that Azure VMware Solution must follow the Security Development Lifecycle (SDL) and must meet several regulatory requirements as promised by Azure.
Our approach to vulnerabilities
Azure VMware Solution takes an in-depth approach to vulnerability and risk management. We follow the SDL to ensure that we're building securely from the start. This focus on security includes working with any third-party solutions. Our services are continually assessed through automatic and manual reviews on a regular basis. We also partner with third-party partners on security hardening and early notifications of vulnerabilities within their solutions.
Vulnerability management
Engineering and security teams triage any signal of vulnerabilities.
Details within the signal are adjudicated and assigned a Common Vulnerability Scoring System (CVSS) score and risk rating according to compensating controls within the service.
The risk rating is used against internal bug bars, internal policies, and regulations to establish a timeline for implementing a fix.
Internal engineering teams partner with appropriate parties to qualify and roll out any fixes, patches, and other configuration updates necessary.
Communications are drafted when necessary and published according to the risk rating assigned.
Subset of regulations governing vulnerability and risk management
Azure VMware Solution is in scope for the following certifications and regulatory requirements. The regulations listed aren't a complete list of certifications that Azure VMware Solution holds. Instead, it's a list with specific requirements around vulnerability management. These regulations don't rely on other regulations for the same purpose. For example, certain regional certifications might point to ISO requirements for vulnerability management.
Bemærk
You must be an active Microsoft customer to access the following audit reports hosted in the Service Trust Portal:
Learn how Microsoft 365 proactively monitors information system assets for vulnerabilities, assesses the risks associated with discovered vulnerabilities, and remediates them in a timely manner.
Demonstrer de færdigheder, der er nødvendige for at implementere sikkerhedskontroller, vedligeholde en organisations sikkerhedsholdning og identificere og afhjælpe sikkerhedsrisici.