AzPolicyAdvertizer

last sync: 2023-Dec-06 18:52:29 UTC

Azure Policy definition

Implement a threat awareness program | Regulatory Compliance - Documentation

Source Azure Portal
Display name Implement a threat awareness program
Id 015b4935-448a-8684-27c0-d13086356c33
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1758 - Implement a threat awareness program
Additional metadata Name/Id: CMA_C1758 / CMA_C1758
Category: Documentation
Title: Implement a threat awareness program
Ownership: Customer
Description: The customer is responsible for implementing a threat awareness program that includes a cross-organization information-sharing capability.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 2 compliance controls are associated with this Policy definition 'Implement a threat awareness program' (015b4935-448a-8684-27c0-d13086356c33)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
hipaa 1302.02e2Organizational.134-02.e hipaa-1302.02e2Organizational.134-02.e 1302.02e2Organizational.134-02.e 13 Education, Training and Awareness 1302.02e2Organizational.134-02.e 02.03 During Employment Shared n/a Dedicated security and privacy awareness training is developed as part of the organization's onboarding program, is documented and tracked, and includes the recognition and reporting of potential indicators of an insider threat. 19
PCI_DSS_v4.0 12.6.3.1 PCI_DSS_v4.0_12.6.3.1 PCI DSS v4.0 12.6.3.1 Requirement 12: Support Information Security with Organizational Policies and Programs Security awareness education is an ongoing activity Shared n/a Security awareness training includes awareness of threats and vulnerabilities that could impact the security of the CDE, including but not limited to: • Phishing and related attacks. • Social engineering. link 3
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 015b4935-448a-8684-27c0-d13086356c33
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC