last sync: 2023-Jun-02 17:44:47 UTC

Azure Policy definition

Identify incident response personnel

Name: Identify incident response personnel
Id: 037c0089-6606-2dab-49ad-437005b5035f
Version: 1.1.0
Category: Regulatory Compliance
Description: CMA_0301 - Identify incident response personnel
Mode: All
Type: BuiltIn
Preview: FALSE
Deprecated: FALSE
Effect (default): Manual
Effect (allowed): Manual, Disabled
RBAC Role(s): none
Rule Aliases: (none listed)
Rule ResourceTypes: IF (1) Microsoft.Resources/subscriptions
Compliance
The following 12 compliance controls are associated with this Policy definition 'Identify incident response personnel' (037c0089-6606-2dab-49ad-437005b5035f)
Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy#
FedRAMP_High_R4 | IR-7(2) | FedRAMP_High_R4_IR-7(2) | FedRAMP High IR-7 (2) | Incident Response | Coordination With External Providers | Shared | n/a | The organization: (a) Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (b) Identifies organizational incident response team members to the external providers. Supplemental Guidance: External providers of information system protection capability include, for example, the Computer Network Defense program within the U.S. Department of Defense. External providers help to protect, monitor, analyze, detect, and respond to unauthorized activity within organizational information systems and networks. | link | 2
FedRAMP_High_R4 | IR-9(1) | FedRAMP_High_R4_IR-9(1) | FedRAMP High IR-9 (1) | Incident Response | Responsible Personnel | Shared | n/a | The organization assigns [Assignment: organization-defined personnel or roles] with responsibility for responding to information spills. | link | 1
FedRAMP_Moderate_R4 | IR-7(2) | FedRAMP_Moderate_R4_IR-7(2) | FedRAMP Moderate IR-7 (2) | Incident Response | Coordination With External Providers | Shared | n/a | The organization: (a) Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (b) Identifies organizational incident response team members to the external providers. Supplemental Guidance: External providers of information system protection capability include, for example, the Computer Network Defense program within the U.S. Department of Defense. External providers help to protect, monitor, analyze, detect, and respond to unauthorized activity within organizational information systems and networks. | link | 2
FedRAMP_Moderate_R4 | IR-9(1) | FedRAMP_Moderate_R4_IR-9(1) | FedRAMP Moderate IR-9 (1) | Incident Response | Responsible Personnel | Shared | n/a | The organization assigns [Assignment: organization-defined personnel or roles] with responsibility for responding to information spills. | link | 1
hipaa | 1450.05i2Organizational.2-05.i | hipaa-1450.05i2Organizational.2-05.i | 1450.05i2Organizational.2-05.i | 14 Third Party Assurance | 1450.05i2Organizational.2-05.i 05.02 External Parties | Shared | n/a | The organization obtains satisfactory assurances that reasonable information security exists across its information supply chain by performing an annual review, which includes all partners/third-party providers upon which their information supply chain depends. | | 10
hipaa | 1505.11a1Organizational.13-11.a | hipaa-1505.11a1Organizational.13-11.a | 1505.11a1Organizational.13-11.a | 15 Incident Management | 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses | Shared | n/a | A formal security incident response program has been established to respond, report (without fear of repercussion), escalate and treat breaches and reported security events or incidents. Organization-wide standards are specified for the time required for system administrators and other personnel to report anomalous events to the incident handling team, the mechanisms for such reporting, and the kind of information that should be included in the incident notification. This reporting includes notifying internal and external stakeholders, the appropriate community Computer Emergency Response Team, and law enforcement agencies in accordance with all legal or regulatory requirements for involving such organizations in computer incidents. | | 19
hipaa | 1523.11c3Organizational.24-11.c | hipaa-1523.11c3Organizational.24-11.c | 1523.11c3Organizational.24-11.c | 15 Incident Management | 1523.11c3Organizational.24-11.c 11.02 Management of Information Security Incidents and Improvements | Shared | n/a | Incidents are promptly reported to the appropriate authorities and outside parties (e.g., FedCIRC, CERT/CC). | | 4
hipaa | 1577.11aCSPOrganizational.1-11.a | hipaa-1577.11aCSPOrganizational.1-11.a | 1577.11aCSPOrganizational.1-11.a | 15 Incident Management | 1577.11aCSPOrganizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses | Shared | n/a | Cloud service providers make security incident information available to all affected customers and providers periodically through electronic methods (e.g., portals). | | 2
NIST_SP_800-53_R4 | IR-7(2) | NIST_SP_800-53_R4_IR-7(2) | NIST SP 800-53 Rev. 4 IR-7 (2) | Incident Response | Coordination With External Providers | Shared | n/a | The organization: (a) Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (b) Identifies organizational incident response team members to the external providers. Supplemental Guidance: External providers of information system protection capability include, for example, the Computer Network Defense program within the U.S. Department of Defense. External providers help to protect, monitor, analyze, detect, and respond to unauthorized activity within organizational information systems and networks. | link | 2
NIST_SP_800-53_R4 | IR-9(1) | NIST_SP_800-53_R4_IR-9(1) | NIST SP 800-53 Rev. 4 IR-9 (1) | Incident Response | Responsible Personnel | Shared | n/a | The organization assigns [Assignment: organization-defined personnel or roles] with responsibility for responding to information spills. | link | 1
NIST_SP_800-53_R5 | IR-7(2) | NIST_SP_800-53_R5_IR-7(2) | NIST SP 800-53 Rev. 5 IR-7 (2) | Incident Response | Coordination with External Providers | Shared | n/a | (a) Establish a direct, cooperative relationship between its incident response capability and external providers of system protection capability; and (b) Identify organizational incident response team members to the external providers. | link | 2
SWIFT_CSCF_v2022 | 11.5 | SWIFT_CSCF_v2022_11.5 | SWIFT CSCF v2022 11.5 | 11. Monitor in case of Major Disaster | Effective support is offered to customers in case they face problems during their business hours. | Shared | n/a | Effective support is offered to customers in case they face problems during their business hours. | link | 10
History
Date/Time (UTC ymd) | Change type | Change detail
2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 | add | 037c0089-6606-2dab-49ad-437005b5035f
Initiatives
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
FedRAMP High | d5264498-16f4-418a-b659-fa7ef418175f | Regulatory Compliance | GA | BuiltIn
FedRAMP Moderate | e95f5a9f-57ad-4d03-bb0b-b1d16db93693 | Regulatory Compliance | GA | BuiltIn
HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn
NIST SP 800-53 Rev. 4 | cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f | Regulatory Compliance | GA | BuiltIn
NIST SP 800-53 Rev. 5 | 179d1daa-458f-4e47-8086-2a68d0d6c38f | Regulatory Compliance | GA | BuiltIn
SWIFT CSP-CSCF v2022 | 7bc7cd6c-4114-ff31-3cac-59be3157596d | Regulatory Compliance | GA | BuiltIn