last sync: 2024-Jun-14 18:20:16 UTC

Identify incident response personnel | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Identify incident response personnel
Id 037c0089-6606-2dab-49ad-437005b5035f
Version 1.1.0
Category Regulatory Compliance
Description CMA_0301 - Identify incident response personnel
Additional metadata Name/Id: CMA_0301 / CMA_0301
Category: Operational
Title: Identify incident response personnel
Ownership: Customer
Description: Microsoft recommends that your organization define, identify, and document personnel or roles with the responsibility for responding to information spills or incidents. Your organization should also consider identifying organizational incident response team members to any external providers. Your organization can consider creating and maintaining an overall security incident response plan that includes processes for defining personnel roles with the responsibility for responding to information spills. It is recommended that your organization provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the information system for the handling and reporting of security incidents. Additionally, your organization can consider establishing a direct, cooperative relationship between your incident response capability and external providers of system protection, as well as identifying organizational incident response team members to the external providers.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default: Manual; Allowed: Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 13 compliance controls are associated with this Policy definition 'Identify incident response personnel' (037c0089-6606-2dab-49ad-437005b5035f)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 IR-7(2) FedRAMP_High_R4_IR-7(2) FedRAMP High IR-7 (2) Incident Response Coordination With External Providers Shared n/a The organization: (a) Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (b) Identifies organizational incident response team members to the external providers. Supplemental Guidance: External providers of information system protection capability include, for example, the Computer Network Defense program within the U.S. Department of Defense. External providers help to protect, monitor, analyze, detect, and respond to unauthorized activity within organizational information systems and networks. link 2
FedRAMP_High_R4 IR-9(1) FedRAMP_High_R4_IR-9(1) FedRAMP High IR-9 (1) Incident Response Responsible Personnel Shared n/a The organization assigns [Assignment: organization-defined personnel or roles] with responsibility for responding to information spills. link 1
FedRAMP_Moderate_R4 IR-7(2) FedRAMP_Moderate_R4_IR-7(2) FedRAMP Moderate IR-7 (2) Incident Response Coordination With External Providers Shared n/a The organization: (a) Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (b) Identifies organizational incident response team members to the external providers. Supplemental Guidance: External providers of information system protection capability include, for example, the Computer Network Defense program within the U.S. Department of Defense. External providers help to protect, monitor, analyze, detect, and respond to unauthorized activity within organizational information systems and networks. link 2
FedRAMP_Moderate_R4 IR-9(1) FedRAMP_Moderate_R4_IR-9(1) FedRAMP Moderate IR-9 (1) Incident Response Responsible Personnel Shared n/a The organization assigns [Assignment: organization-defined personnel or roles] with responsibility for responding to information spills. link 1
hipaa 1450.05i2Organizational.2-05.i hipaa-1450.05i2Organizational.2-05.i 1450.05i2Organizational.2-05.i 14 Third Party Assurance 1450.05i2Organizational.2-05.i 05.02 External Parties Shared n/a The organization obtains satisfactory assurances that reasonable information security exists across its information supply chain by performing an annual review, which includes all partners/third-party providers upon which their information supply chain depends. 10
hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 15 Incident Management 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses Shared n/a A formal security incident response program has been established to respond, report (without fear of repercussion), escalate and treat breaches and reported security events or incidents. Organization-wide standards are specified for the time required for system administrators and other personnel to report anomalous events to the incident handling team, the mechanisms for such reporting, and the kind of information that should be included in the incident notification. This reporting includes notifying internal and external stakeholders, the appropriate community Computer Emergency Response Team, and law enforcement agencies in accordance with all legal or regulatory requirements for involving such organizations in computer incidents. 19
hipaa 1523.11c3Organizational.24-11.c hipaa-1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 15 Incident Management 1523.11c3Organizational.24-11.c 11.02 Management of Information Security Incidents and Improvements Shared n/a Incidents are promptly reported to the appropriate authorities and outside parties (e.g., FedCIRC, CERT/CC). 4
hipaa 1577.11aCSPOrganizational.1-11.a hipaa-1577.11aCSPOrganizational.1-11.a 1577.11aCSPOrganizational.1-11.a 15 Incident Management 1577.11aCSPOrganizational.1-11.a 11.01 Reporting Information Security Incidents and Weaknesses Shared n/a Cloud service providers make security incident information available to all affected customers and providers periodically through electronic methods (e.g., portals). 2
NIST_SP_800-53_R4 IR-7(2) NIST_SP_800-53_R4_IR-7(2) NIST SP 800-53 Rev. 4 IR-7 (2) Incident Response Coordination With External Providers Shared n/a The organization: (a) Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (b) Identifies organizational incident response team members to the external providers. Supplemental Guidance: External providers of information system protection capability include, for example, the Computer Network Defense program within the U.S. Department of Defense. External providers help to protect, monitor, analyze, detect, and respond to unauthorized activity within organizational information systems and networks. link 2
NIST_SP_800-53_R4 IR-9(1) NIST_SP_800-53_R4_IR-9(1) NIST SP 800-53 Rev. 4 IR-9 (1) Incident Response Responsible Personnel Shared n/a The organization assigns [Assignment: organization-defined personnel or roles] with responsibility for responding to information spills. link 1
NIST_SP_800-53_R5 IR-7(2) NIST_SP_800-53_R5_IR-7(2) NIST SP 800-53 Rev. 5 IR-7 (2) Incident Response Coordination with External Providers Shared n/a (a) Establish a direct, cooperative relationship between its incident response capability and external providers of system protection capability; and (b) Identify organizational incident response team members to the external providers. link 2
op.exp.7 Incident management op.exp.7 Incident management 404 not found n/a n/a 103
SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 11. Monitor in case of Major Disaster Effective support is offered to customers in case they face problems during their business hours. Shared n/a Effective support is offered to customers in case they face problems during their business hours. link 10
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 037c0089-6606-2dab-49ad-437005b5035f