AzPolicyAdvertizer

last sync: 2025-Sep-02 17:23:25 UTC

Protect the information security program plan | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Protect the information security program plan

2e7a98c9-219f-0d58-38dc-d69038224442

Version

1.1.0
Details on versioning

Versioning

Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]

Category

Regulatory Compliance
Microsoft Learn

Description

CMA_C1732 - Protect the information security program plan

Cloud environments

AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown

Available in AzUSGov

The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'

Additional metadata

Name/Id: CMA_C1732 / CMA_C1732
Category: Documentation
Title: Protect the information security program plan
Ownership: Customer
Description: The customer is responsible for protecting the information security program plan from unauthorized disclosure and modification.
Requirements: The customer is responsible for implementing this recommendation.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)

Microsoft.Resources/subscriptions

Compliance

The following 13 compliance controls are associated with this Policy definition 'Protect the information security program plan' (2e7a98c9-219f-0d58-38dc-d69038224442)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
hipaa	0101.00a1Organizational.123-00.a	hipaa-0101.00a1Organizational.123-00.a	0101.00a1Organizational.123-00.a	01 Information Protection Program	0101.00a1Organizational.123-00.a 0.01 Information Security Management Program	Shared	n/a	The organization has a formal information protection program based on an accepted industry framework that is reviewed and updated as needed.		5
hipaa	0113.04a1Organizational.123-04.a	hipaa-0113.04a1Organizational.123-04.a	0113.04a1Organizational.123-04.a	01 Information Protection Program	0113.04a1Organizational.123-04.a 04.01 Information Security Policy	Shared	n/a	Information security objectives, approach, scope, importance, goals, and principles for the organization’s security program are formally identified, communicated throughout the organization to users in a form that is relevant, accessible, and understandable to the intended reader; and supported by a controls framework that considers legislative, regulatory, contractual requirements, and other policy-related requirements.		3
ISO27001-2013	A.18.1.1	ISO27001-2013_A.18.1.1	ISO 27001:2013 A.18.1.1	Compliance	Identification applicable legislation and contractual requirements	Shared	n/a	All relevant legislative statutory, regulatory, contractual requirements and the organization's approach to meet these requirements shall be explicitly identified, documented and kept up to date for each information system and the organization.	link	30
ISO27001-2013	A.18.2.2	ISO27001-2013_A.18.2.2	ISO 27001:2013 A.18.2.2	Compliance	Compliance with security policies and standards	Shared	n/a	Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements.	link	36
ISO27001-2013	A.5.1.1	ISO27001-2013_A.5.1.1	ISO 27001:2013 A.5.1.1	Information Security Policies	Policies for information security	Shared	n/a	A set of policies for information security shall be defined, approved by management, published and communicated to employees and relevant external parties.	link	42
ISO27001-2013	A.5.1.2	ISO27001-2013_A.5.1.2	ISO 27001:2013 A.5.1.2	Information Security Policies	Review of the policies for information security	Shared	n/a	The policies for information security shall be reviewed at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy, and effectiveness.	link	29
ISO27001-2013	A.6.1.1	ISO27001-2013_A.6.1.1	ISO 27001:2013 A.6.1.1	Organization of Information Security	Information security roles and responsibilities	Shared	n/a	All information security responsibilities shall be clearly defined and allocated.	link	73
	mp.info.1 Personal data	mp.info.1 Personal data	404 not found				n/a	n/a		33
	mp.info.6 Backups	mp.info.6 Backups	404 not found				n/a	n/a		65
	mp.s.2 Protection of web services and applications	mp.s.2 Protection of web services and applications	404 not found				n/a	n/a		102
	org.1 Security policy	org.1 Security policy	404 not found				n/a	n/a		94
	org.2 Security regulations	org.2 Security regulations	404 not found				n/a	n/a		100
	org.4 Authorization process	org.4 Authorization process	404 not found				n/a	n/a		126

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA	BuiltIn	unknown
ISO 27001:2013	89c6cddc-1c73-4ac1-b19c-54d1a15a42f2	Regulatory Compliance	GA	BuiltIn	true
Spain ENS	175daf90-21e1-4fec-b745-7b4c909aa94c	Regulatory Compliance	GA	BuiltIn	unknown

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40	add	2e7a98c9-219f-0d58-38dc-d69038224442

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC