last sync: 2024-Jun-14 18:20:16 UTC

Microsoft Managed Control 1159 - Security Authorization | Regulatory Compliance - Security Assessment and Authorization

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1159 - Security Authorization
Id 0925f098-7877-450b-8ba4-d1e55f2d8795
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Security Assessment and Authorization control
Additional metadata Name/Id: ACF1159 / Microsoft Managed Control 1159
Category: Security Assessment and Authorization
Title: Security Authorization - Signoff
Ownership: Customer, Microsoft
Description: The organization: Ensures that the authorizing official authorizes the information system for processing before commencing operations; and
Requirements: The FedRAMP JAB, DISA/DoD authorizing officials, and other regulators determine if the remaining known vulnerabilities in the information system pose an acceptable level of risk to issue a P-ATO. Agencies must also determine whether the risk to agency operations, assets, and individuals is acceptable. Following review of the security authorization package and consultation with key agency officials, the FedRAMP JAB, DISA/DoD authorizing officials, and other regulators render an authorization decision to: * Authorize system operation without any restrictions or limitations on its operation; * Authorize system operation with restriction or limitation on its operation. The POA&M must be included detailed corrective actions to correct deficiencies. Resubmit an updated accreditation package upon completion of required POA&M actions to move to authorization to operate without any restrictions; or * Not authorize the system for operation.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a