Version: 1.0

Approved By: Richard D’Lonesteen

Created at: 12/08/2023

Network Security Control Configuration Standards

1. Introduction

1.1. Purpose

The purpose of this document is to establish secure configuration standards for networking within a Microsoft Azure environment, ensuring that all network resources utilized by the organization for its Software as a Service (SaaS) offerings are properly secured.

1.2. Scope

This policy applies to all network-related resources and services hosted on Microsoft Azure, including but not limited to virtual networks, network security groups, firewalls, gateways, and managed service identities.

1.3. Document Maintenance

This document will be reviewed annually and updated as necessary to keep up with advancements in Azure services, industry best practices, and relevant compliance requirements.

2. Network Security Control Configuration Standards

2.1. Overview of Network Security Controls

Network security controls in Azure are designed to protect data, applications, and the associated infrastructure of cloud-based and hybrid environments.

2.2. Configuration Management Process

2.2.1. Configuration Baseline

• Establish and maintain a secure baseline configuration for all Azure networking components based on Microsoft's best practices and industry standards.

2.2.2. Change Management Process