last sync: 2024-Jun-24 18:15:26 UTC

Restrict location of information processing, storage and services | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source Azure Portal
Display name Restrict location of information processing, storage and services
Id 0040d2e5-2779-170d-6a2c-1f5fca353335
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1593 - Restrict location of information processing, storage and services
Additional metadata Name/Id: CMA_C1593 / CMA_C1593
Category: Documentation
Title: Restrict location of information processing, storage and services
Ownership: Customer
Description: The customer is responsible for restricting the location of information processing, storage, and services.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 5 compliance controls are associated with this Policy definition 'Restrict location of information processing, storage and services' (0040d2e5-2779-170d-6a2c-1f5fca353335)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 SA-9(5) FedRAMP_High_R4_SA-9(5) FedRAMP High SA-9 (5) System And Services Acquisition Processing, Storage, And Service Location Shared n/a The organization restricts the location of [Selection (one or more): information processing; information/data; information system services] to [Assignment: organization-defined locations] based on [Assignment: organization-defined requirements or conditions]. Supplemental Guidance: The location of information processing, information/data storage, or information system services that are critical to organizations can have a direct impact on the ability of those organizations to successfully execute their missions/business functions. This situation exists when external providers control the location of processing, storage or services. The criteria external providers use for the selection of processing, storage, or service locations may be different from organizational criteria. For example, organizations may want to ensure that data/information storage locations are restricted to certain locations to facilitate incident response activities (e.g., forensic analyses, after-the-fact investigations) in case of information security breaches/compromises. Such incident response activities may be adversely affected by the governing laws or protocols in the locations where processing and storage occur and/or the locations from which information system services emanate. link 1
FedRAMP_Moderate_R4 SA-9(5) FedRAMP_Moderate_R4_SA-9(5) FedRAMP Moderate SA-9 (5) System And Services Acquisition Processing, Storage, And Service Location Shared n/a The organization restricts the location of [Selection (one or more): information processing; information/data; information system services] to [Assignment: organization-defined locations] based on [Assignment: organization-defined requirements or conditions]. Supplemental Guidance: The location of information processing, information/data storage, or information system services that are critical to organizations can have a direct impact on the ability of those organizations to successfully execute their missions/business functions. This situation exists when external providers control the location of processing, storage or services. The criteria external providers use for the selection of processing, storage, or service locations may be different from organizational criteria. For example, organizations may want to ensure that data/information storage locations are restricted to certain locations to facilitate incident response activities (e.g., forensic analyses, after-the-fact investigations) in case of information security breaches/compromises. Such incident response activities may be adversely affected by the governing laws or protocols in the locations where processing and storage occur and/or the locations from which information system services emanate. link 1
hipaa 0947.09y2Organizational.2-09.y hipaa-0947.09y2Organizational.2-09.y 0947.09y2Organizational.2-09.y 09 Transmission Protection 0947.09y2Organizational.2-09.y 09.09 Electronic Commerce Services Shared n/a The organization ensures the storage of the transaction details are located outside of any publicly accessible environments (e.g., on a storage platform existing on the organization's intranet) and not retained and exposed on a storage medium directly accessible from the Internet. 11
NIST_SP_800-53_R4 SA-9(5) NIST_SP_800-53_R4_SA-9(5) NIST SP 800-53 Rev. 4 SA-9 (5) System And Services Acquisition Processing, Storage, And Service Location Shared n/a The organization restricts the location of [Selection (one or more): information processing; information/data; information system services] to [Assignment: organization-defined locations] based on [Assignment: organization-defined requirements or conditions]. Supplemental Guidance: The location of information processing, information/data storage, or information system services that are critical to organizations can have a direct impact on the ability of those organizations to successfully execute their missions/business functions. This situation exists when external providers control the location of processing, storage or services. The criteria external providers use for the selection of processing, storage, or service locations may be different from organizational criteria. For example, organizations may want to ensure that data/information storage locations are restricted to certain locations to facilitate incident response activities (e.g., forensic analyses, after-the-fact investigations) in case of information security breaches/compromises. Such incident response activities may be adversely affected by the governing laws or protocols in the locations where processing and storage occur and/or the locations from which information system services emanate. link 1
NIST_SP_800-53_R5 SA-9(5) NIST_SP_800-53_R5_SA-9(5) NIST SP 800-53 Rev. 5 SA-9 (5) System and Services Acquisition Processing, Storage, and Service Location Shared n/a Restrict the location of [Selection (OneOrMore): information processing;information or data;system services] to [Assignment: organization-defined locations] based on [Assignment: organization-defined requirements or conditions]. link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 0040d2e5-2779-170d-6a2c-1f5fca353335
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC