AzPolicyAdvertizer

last sync: 2025-May-13 18:39:59 UTC

Implement a threat awareness program | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Implement a threat awareness program

015b4935-448a-8684-27c0-d13086356c33

Version

1.1.0
Details on versioning

Versioning

Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]

Category

Regulatory Compliance
Microsoft Learn

Description

CMA_C1758 - Implement a threat awareness program

Cloud environments

AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown

Available in AzUSGov

The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'

Additional metadata

Name/Id: CMA_C1758 / CMA_C1758
Category: Documentation
Title: Implement a threat awareness program
Ownership: Customer
Description: The customer is responsible for implementing a threat awareness program that includes a cross-organization information-sharing capability.
Requirements: The customer is responsible for implementing this recommendation.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)

Microsoft.Resources/subscriptions

Compliance

The following 2 compliance controls are associated with this Policy definition 'Implement a threat awareness program' (015b4935-448a-8684-27c0-d13086356c33)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
hipaa	1302.02e2Organizational.134-02.e	hipaa-1302.02e2Organizational.134-02.e	1302.02e2Organizational.134-02.e	13 Education, Training and Awareness	1302.02e2Organizational.134-02.e 02.03 During Employment	Shared	n/a	Dedicated security and privacy awareness training is developed as part of the organization's onboarding program, is documented and tracked, and includes the recognition and reporting of potential indicators of an insider threat.		19
PCI_DSS_v4.0	12.6.3.1	PCI_DSS_v4.0_12.6.3.1	PCI DSS v4.0 12.6.3.1	Requirement 12: Support Information Security with Organizational Policies and Programs	Security awareness education is an ongoing activity	Shared	n/a	Security awareness training includes awareness of threats and vulnerabilities that could impact the security of the CDE, including but not limited to: • Phishing and related attacks. • Social engineering.	link	3

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA	BuiltIn	unknown
PCI DSS v4	c676748e-3af9-4e22-bc28-50feed564afb	Regulatory Compliance	GA	BuiltIn	true

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40	add	015b4935-448a-8684-27c0-d13086356c33

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC