AzPolicyAdvertizer

last sync: 2025-Aug-12 17:23:12 UTC

Keep accurate accounting of disclosures of information | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Keep accurate accounting of disclosures of information
Id 0bbfd658-93ab-6f5e-1e19-3c1c1da62d01
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1818 - Keep accurate accounting of disclosures of information
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Additional metadata Name/Id: CMA_C1818 / CMA_C1818
Category: Operational
Title: Keep accurate accounting of disclosures of information
Ownership: Customer
Description: The customer is responsible for keeping an accurate accounting of disclosures of information held in each system of records under its control, including: (1) Date, nature, and purpose of each disclosure of a record; and (2) Name and address of the person or agency to which the disclosure was made.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Compliance
The following 4 compliance controls are associated with this Policy definition 'Keep accurate accounting of disclosures of information' (0bbfd658-93ab-6f5e-1e19-3c1c1da62d01)
Rows: 1-4 / 4

Columns:

Close

Columns▼Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
hipaa 1902.06d1Organizational.2-06.d hipaa-1902.06d1Organizational.2-06.d 1902.06d1Organizational.2-06.d 19 Data Protection & Privacy 1902.06d1Organizational.2-06.d 06.01 Compliance with Legal Requirements Shared n/a When required, consent is obtained before any PII (e.g., about a client/customer) is emailed, faxed, or communicated by telephone conversation, or otherwise disclosed to parties external to the organization. 11
SOC_2 P6.2 SOC_2_P6.2 SOC 2 Type 2 P6.2 Additional Criteria For Privacy Authorized disclosure of personal information record Shared The customer is responsible for implementing this recommendation. • Creates and Retains Record of Authorized Disclosures — The entity creates and maintains a record of authorized disclosures of personal information that is complete, accurate, and timely. 1
SOC_2 P6.3 SOC_2_P6.3 SOC 2 Type 2 P6.3 Additional Criteria For Privacy Unauthorized disclosure of personal information record Shared The customer is responsible for implementing this recommendation. • Creates and Retains Record of Detected or Reported Unauthorized Disclosures — The entity creates and maintains a record of detected or reported unauthorized disclosures of personal information that is complete, accurate, and timely. 1
SOC_2 P6.7 SOC_2_P6.7 SOC 2 Type 2 P6.7 Additional Criteria For Privacy Accounting of disclosure of personal information Shared The customer is responsible for implementing this recommendation. • Identifies Types of Personal Information and Handling Process — The types of personal information and sensitive personal information and the related processes, systems, and third parties involved in the handling of such information are identified. • Captures, Identifies, and Communicates Requests for Information — Requests for an accounting of personal information held and disclosures of the data subjects’ personal information are captured and information related to the requests is identified and communicated to data subjects to meet the entity’s objectives related to privacy. 5
Initiatives usage
Rows: 1-2 / 2
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn unknown
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn true
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add 0bbfd658-93ab-6f5e-1e19-3c1c1da62d01
JSON compare
compare mode: version left: version right:
1.0.0 → 1.1.0 RENAMED
@@ -3,9 +3,9 @@
3
  "policyType": "BuiltIn",
4
  "mode": "All",
5
  "description": "CMA_C1818 - Keep accurate accounting of disclosures of information",
6
  "metadata": {
7
- "version": "1.0.0",
8
  "category": "Regulatory Compliance",
9
  "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1818"
10
  },
11
  "parameters": {
@@ -29,9 +29,9 @@
29
  },
30
  "then": {
31
  "effect": "[parameters('effect')]",
32
  "details": {
33
- "defaultState": "NonCompliant"
34
  }
35
  }
36
  }
37
  }
 
3
  "policyType": "BuiltIn",
4
  "mode": "All",
5
  "description": "CMA_C1818 - Keep accurate accounting of disclosures of information",
6
  "metadata": {
7
+ "version": "1.1.0",
8
  "category": "Regulatory Compliance",
9
  "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1818"
10
  },
11
  "parameters": {
 
29
  },
30
  "then": {
31
  "effect": "[parameters('effect')]",
32
  "details": {
33
+ "defaultState": "Unknown"
34
  }
35
  }
36
  }
37
  }
JSON
api-version=2021-06-01
EPAC 
{7 items}