Name/Id: CMA_C1758 / CMA_C1758 Category: Documentation Title: Implement a threat awareness program Ownership: Customer Description: The customer is responsible for implementing a threat awareness program that includes a cross-organization information-sharing capability. Requirements: The customer is responsible for implementing this recommendation.
Default Manual Allowed Manual, Disabled
Rule resource types
IF (1) Microsoft.Resources/subscriptions
The following 2 compliance controls are associated with this Policy definition 'Implement a threat awareness program' (015b4935-448a-8684-27c0-d13086356c33)
1302.02e2Organizational.134-02.e 02.03 During Employment
Dedicated security and privacy awareness training is developed as part of the organization's onboarding program, is documented and tracked, and includes the recognition and reporting of potential indicators of an insider threat.
Requirement 12: Support Information Security with Organizational Policies and Programs
Security awareness education is an ongoing activity
Security awareness training includes awareness of threats and vulnerabilities that could impact the security of the CDE, including but not limited to:
• Phishing and related attacks.
• Social engineering.