last sync: 2024-Feb-21 20:03:25 UTC

Identify and mitigate potential issues at alternate storage site | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Identify and mitigate potential issues at alternate storage site
Id 13939f8c-4cd5-a6db-9af4-9dfec35e3722
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1271 - Identify and mitigate potential issues at alternate storage site
Additional metadata Name/Id: CMA_C1271 / CMA_C1271
Category: Operational
Title: Identify and mitigate potential issues at alternate storage site
Ownership: Customer
Description: The customer is responsible for identifying potential issues and mitigating actions to ensure accessibility to the established alternative storage site during disruption or disaster. Note: if the customer configures Microsoft Azure appropriately for reserving storage capacity in an alternate region, Azure can support the secure storage and retrieval of system data.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 10 compliance controls are associated with this Policy definition 'Identify and mitigate potential issues at alternate storage site' (13939f8c-4cd5-a6db-9af4-9dfec35e3722)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 CP-6(3) FedRAMP_High_R4_CP-6(3) FedRAMP High CP-6 (3) Contingency Planning Accessibility Shared n/a The organization identifies potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions. Supplemental Guidance: Area-wide disruptions refer to those types of disruptions that are broad in geographic scope (e.g., hurricane, regional power outage) with such determinations made by organizations based on organizational assessments of risk. Explicit mitigation actions include, for example: (i) duplicating backup information at other alternate storage sites if access problems occur at originally designated alternate sites; or (ii) planning for physical access to retrieve backup information if electronic accessibility to the alternate site is disrupted. Related control: RA-3. link 1
FedRAMP_Moderate_R4 CP-6(3) FedRAMP_Moderate_R4_CP-6(3) FedRAMP Moderate CP-6 (3) Contingency Planning Accessibility Shared n/a The organization identifies potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions. Supplemental Guidance: Area-wide disruptions refer to those types of disruptions that are broad in geographic scope (e.g., hurricane, regional power outage) with such determinations made by organizations based on organizational assessments of risk. Explicit mitigation actions include, for example: (i) duplicating backup information at other alternate storage sites if access problems occur at originally designated alternate sites; or (ii) planning for physical access to retrieve backup information if electronic accessibility to the alternate site is disrupted. Related control: RA-3. link 1
hipaa 1464.09e2Organizational.5-09.e hipaa-1464.09e2Organizational.5-09.e 1464.09e2Organizational.5-09.e 14 Third Party Assurance 1464.09e2Organizational.5-09.e 09.02 Control Third Party Service Delivery Shared n/a The organization restricts the location of facilities that process, transmit or store covered information (e.g., to those located in the United States), as needed, based on its legal, regulatory, contractual and other security and privacy-related obligations. 5
hipaa 1622.09l2Organizational.23-09.l hipaa-1622.09l2Organizational.23-09.l 1622.09l2Organizational.23-09.l 16 Business Continuity & Disaster Recovery 1622.09l2Organizational.23-09.l 09.05 Information Back-Up Shared n/a The integrity and security of the backup copies are maintained to ensure future availability, and any potential accessibility problems with the backup copies are identified and mitigated in the event of an area-wide disaster. 4
ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Physical And Environmental Security Protecting against external and environmental threats Shared n/a Physical protection against natural disasters, malicious attack or accidents shall be designed and applied. link 9
ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Information Security Aspects Of Business Continuity Management Implementing information security continuity Shared n/a The organization shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation. link 18
ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Information Security Aspects Of Business Continuity Management Availability of information processing facilities Shared n/a Information processing facilities shall be implemented with redundancy sufficient to meet availability requirements. link 17
NIST_SP_800-53_R4 CP-6(3) NIST_SP_800-53_R4_CP-6(3) NIST SP 800-53 Rev. 4 CP-6 (3) Contingency Planning Accessibility Shared n/a The organization identifies potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions. Supplemental Guidance: Area-wide disruptions refer to those types of disruptions that are broad in geographic scope (e.g., hurricane, regional power outage) with such determinations made by organizations based on organizational assessments of risk. Explicit mitigation actions include, for example: (i) duplicating backup information at other alternate storage sites if access problems occur at originally designated alternate sites; or (ii) planning for physical access to retrieve backup information if electronic accessibility to the alternate site is disrupted. Related control: RA-3. link 1
NIST_SP_800-53_R5 CP-6(3) NIST_SP_800-53_R5_CP-6(3) NIST SP 800-53 Rev. 5 CP-6 (3) Contingency Planning Accessibility Shared n/a Identify potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outline explicit mitigation actions. link 1
SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 9. Ensure Availability through Resilience Providers must ensure that the service remains available for customers in the event of a site disaster. Shared n/a Providers must ensure that the service remains available for customers in the event of a site disaster. link 13
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 13939f8c-4cd5-a6db-9af4-9dfec35e3722
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC