last sync: 2024-May-24 18:03:04 UTC

Microsoft Managed Control 1497 - System Security Plan | Plan / Coordinate With Other Organizational Entities | Regulatory Compliance - Planning

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1497 - System Security Plan | Plan / Coordinate With Other Organizational Entities
Id 2e3c5583-1729-4d36-8771-59c32f090a22
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Planning control
Additional metadata Name/Id: ACF1497 / Microsoft Managed Control 1497
Category: Planning
Title: System Security Plan | Plan / Coordinate With Other Organizational Entities
Ownership: Customer, Microsoft
Description: The organization plans and coordinates security-related activities affecting the information system with Service Engineer Operations personnel, Microsoft Azure’s Infrastructure personnel before conducting such activities in order to reduce the impact on other organizational entities.
Requirements: The Microsoft Security Policy and associated standards establishes coordination requirements among organizations in order to determine if security-related activities are going to affect Azure. Azure plans and coordinates security-related activities to ensure they do not adversely affect operations. Key operating personnel from each service team assist with change control board and policy reviews that relate to security activities. Individuals assigned to these roles understand the significance of the ongoing security-related activities (security assessments, audits, system hardware and software maintenance, vulnerability scanning and patching, security certifications, and testing exercises), the potential impact on the system, and the necessary support for such activities. If activities involve Azure’s Infrastructure, those teams are included in planning as well. Azure has a formal technology strategy that is maintained and updated annually to align the strategy with business goals and objectives. Azure plans and coordinates security-related activities such as application and infrastructure upgrades, security audits and testing, and continuity planning exercises affecting the information system with C+AI Security management before conducting such activities in order to reduce the impact on organizational operations, organizational assets, individuals, and Azure customers.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC