AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

Employ business case to record the resources required | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Employ business case to record the resources required

2d14ff7e-6ff9-838c-0cde-4962ccdb1689

Version

1.1.0
Details on versioning

Category

Regulatory Compliance
Microsoft Learn

Description

CMA_C1735 - Employ business case to record the resources required

Additional metadata

Name/Id: CMA_C1735 / CMA_C1735
Category: Documentation
Title: Employ business case to record the resources required
Ownership: Customer
Description: The customer is responsible for employing a business case/Exhibit 300/Exhibit 53 to record the resources required.
Requirements: The customer is responsible for implementing this recommendation.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)
Microsoft.Resources/subscriptions

Compliance

The following 5 compliance controls are associated with this Policy definition 'Employ business case to record the resources required' (2d14ff7e-6ff9-838c-0cde-4962ccdb1689)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
hipaa	0120.05a1Organizational.4-05.a	hipaa-0120.05a1Organizational.4-05.a	0120.05a1Organizational.4-05.a	01 Information Protection Program	0120.05a1Organizational.4-05.a 05.01 Internal Organization	Shared	n/a	Capital planning and investment requests include the resources needed to implement the security program, employ a business case (or Exhibit 300 and/or 53 for federal government); and the organization ensures the resources are available for expenditure as planned.		8
ISO27001-2013	C.4.3.c	ISO27001-2013_C.4.3.c	ISO 27001:2013 C.4.3.c	Context of the organization	Determining the scope of the information security management system	Shared	n/a	The organization shall determine the boundaries and applicability of the information security management system to establish its scope. When determining this scope, the organization shall consider: c) interfaces and dependencies between activities performed by the organization, and those that are performed by other organizations. The scope shall be available as documented information.	link	18
ISO27001-2013	C.5.1.c	ISO27001-2013_C.5.1.c	ISO 27001:2013 C.5.1.c	Leadership	Leadership and commitment	Shared	n/a	Top management shall demonstrate leadership and commitment with respect to the information security management system by: c) ensuring that the resources needed for the information security management system are available.	link	10
ISO27001-2013	C.5.1.f	ISO27001-2013_C.5.1.f	ISO 27001:2013 C.5.1.f	Leadership	Leadership and commitment	Shared	n/a	Top management shall demonstrate leadership and commitment with respect to the information security management system by: f) directing and supporting persons to contribute to the effectiveness of the information security management system.	link	9
ISO27001-2013	C.7.1	ISO27001-2013_C.7.1	ISO 27001:2013 C.7.1	Support	Resources	Shared	n/a	The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the information security management system.	link	7

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA	BuiltIn
ISO 27001:2013	89c6cddc-1c73-4ac1-b19c-54d1a15a42f2	Regulatory Compliance	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40	add	2d14ff7e-6ff9-838c-0cde-4962ccdb1689

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC