| Field | Value |
|---|---|
| Source | Azure Portal |
| Display name | Microsoft Managed Control 1149 - Security Assessments \| Specialized Assessments |
| Id | 2e1b855b-a013-481a-aeeb-2bcb129fd35d |
| Version | 1.0.0 |
| Versioning | Versions supported for Versioning: 0; Built-in Versioning [Preview] |
| Category | Regulatory Compliance |
| Description | Microsoft implements this Security Assessment and Authorization control |
| Cloud environments | AzureCloud = true; AzureUSGovernment = true; AzureChinaCloud = unknown |
| Available in AzUSGov | The Policy is available in the AzureUSGovernment cloud. Version: '1.0.0'. Repository: Azure-Policy 2e1b855b-a013-481a-aeeb-2bcb129fd35d |
| Additional metadata | Name/Id: ACF1149 / Microsoft Managed Control 1149. Category: Security Assessment and Authorization. Title: Security Assessments \| Specialized Assessments. Ownership: Customer, Microsoft. Description: The organization includes, as part of security control assessments, annual, announced vulnerability scanning. Requirements: The Third Party Assessment Organization (3PAO) assesses at least one third of all controls each year in accordance with continuous monitoring requirements, ensuring that all controls are assessed at least every three years. Other criteria, such as significant changes to the system or changes in risk posture and vulnerabilities, may trigger assessments. The 3PAO performs penetration testing at least annually. The Penetration Test Report covers Azure system components identified as part of the authorization boundary. Additionally, in-depth monitoring is performed by the Security Response Team on a continuous basis as part of incident management. The 3PAO also performs an independent validation of all vulnerability scanning conducted by Azure. |
| Mode | Indexed |
| Type | Static |
| Preview | False |
| Deprecated | False |
| Effect | Fixed audit |
| RBAC role(s) | none |
| Rule aliases | none |
| Rule resource types | IF (2) |
| Compliance | Not a Compliance control |
| Initiatives usage | none |
| History | none |
| JSON compare | n/a |
| JSON | |