| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1497 - System Security Plan | Plan / Coordinate With Other Organizational Entities | ||
| Id | 2e3c5583-1729-4d36-8771-59c32f090a22 | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Planning control | ||
| Additional metadata |
Name/Id: ACF1497 / Microsoft Managed Control 1497 Category: Planning Title: System Security Plan | Plan / Coordinate With Other Organizational Entities Ownership: Customer, Microsoft Description: The organization plans and coordinates security-related activities affecting the information system with Service Engineer Operations personnel, Microsoft Azure’s Infrastructure personnel before conducting such activities in order to reduce the impact on other organizational entities. Requirements: The Microsoft Security Policy and associated standards establishes coordination requirements among organizations in order to determine if security-related activities are going to affect Azure. Azure plans and coordinates security-related activities to ensure they do not adversely affect operations. Key operating personnel from each service team assist with change control board and policy reviews that relate to security activities. Individuals assigned to these roles understand the significance of the ongoing security-related activities (security assessments, audits, system hardware and software maintenance, vulnerability scanning and patching, security certifications, and testing exercises), the potential impact on the system, and the necessary support for such activities. If activities involve Azure’s Infrastructure, those teams are included in planning as well. Azure has a formal technology strategy that is maintained and updated annually to align the strategy with business goals and objectives. Azure plans and coordinates security-related activities such as application and infrastructure upgrades, security audits and testing, and continuity planning exercises affecting the information system with C+AI Security management before conducting such activities in order to reduce the impact on organizational operations, organizational assets, individuals, and Azure customers. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|