last sync: 2023-Jun-02 17:44:47 UTC

Azure Policy definition

Protect the information security program plan

Name: Protect the information security program plan
Id: 2e7a98c9-219f-0d58-38dc-d69038224442
Version: 1.1.0
Category: Regulatory Compliance
Description: CMA_C1732 - Protect the information security program plan
Mode: All
Type: BuiltIn
Preview: FALSE
Deprecated: FALSE
Effect: Default = Manual; Allowed = Manual, Disabled
RBAC role(s): none
Rule aliases: (none listed)
Rule resource types: IF (1) Microsoft.Resources/subscriptions
Compliance: the following 7 compliance controls are associated with this policy definition 'Protect the information security program plan' (2e7a98c9-219f-0d58-38dc-d69038224442).

Control domain: hipaa
Control name: 0101.00a1Organizational.123-00.a
MetadataId: hipaa-0101.00a1Organizational.123-00.a
Category: 0101.00a1Organizational.123-00.a 01 Information Protection Program
Title: 0101.00a1Organizational.123-00.a 0.01 Information Security Management Program
Owner: Shared
Requirements: n/a
Description: The organization has a formal information protection program based on an accepted industry framework that is reviewed and updated as needed.
Policy#: 5

Control domain: hipaa
Control name: 0113.04a1Organizational.123-04.a
MetadataId: hipaa-0113.04a1Organizational.123-04.a
Category: 0113.04a1Organizational.123-04.a 01 Information Protection Program
Title: 0113.04a1Organizational.123-04.a 04.01 Information Security Policy
Owner: Shared
Requirements: n/a
Description: Information security objectives, approach, scope, importance, goals, and principles for the organization's security program are formally identified, communicated throughout the organization to users in a form that is relevant, accessible, and understandable to the intended reader; and supported by a controls framework that considers legislative, regulatory, contractual requirements, and other policy-related requirements.
Policy#: 3

Control domain: ISO27001-2013
Control name: A.18.1.1
MetadataId: ISO27001-2013_A.18.1.1
Category: ISO 27001:2013 A.18.1.1 Compliance
Title: Identification applicable legislation and contractual requirements
Owner: Shared
Requirements: n/a
Description: All relevant legislative statutory, regulatory, contractual requirements and the organization's approach to meet these requirements shall be explicitly identified, documented and kept up to date for each information system and the organization.
Policy#: 30

Control domain: ISO27001-2013
Control name: A.18.2.2
MetadataId: ISO27001-2013_A.18.2.2
Category: ISO 27001:2013 A.18.2.2 Compliance
Title: Compliance with security policies and standards
Owner: Shared
Requirements: n/a
Description: Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements.
Policy#: 36

Control domain: ISO27001-2013
Control name: A.5.1.1
MetadataId: ISO27001-2013_A.5.1.1
Category: ISO 27001:2013 A.5.1.1 Information Security Policies
Title: Policies for information security
Owner: Shared
Requirements: n/a
Description: A set of policies for information security shall be defined, approved by management, published and communicated to employees and relevant external parties.
Policy#: 42

Control domain: ISO27001-2013
Control name: A.5.1.2
MetadataId: ISO27001-2013_A.5.1.2
Category: ISO 27001:2013 A.5.1.2 Information Security Policies
Title: Review of the policies for information security
Owner: Shared
Requirements: n/a
Description: The policies for information security shall be reviewed at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy, and effectiveness.
Policy#: 29

Control domain: ISO27001-2013
Control name: A.6.1.1
MetadataId: ISO27001-2013_A.6.1.1
Category: ISO 27001:2013 A.6.1.1 Organization of Information Security
Title: Information security roles and responsibilities
Owner: Shared
Requirements: n/a
Description: All information security responsibilities shall be clearly defined and allocated.
Policy#: 73
History (Date/Time in UTC, ymd; change type; change detail)
2022-09-27 16:35:32: change; Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40: add; 2e7a98c9-219f-0d58-38dc-d69038224442
Initiatives using this policy definition (Initiative DisplayName; Initiative Id; Initiative Category; State; Type)
HITRUST/HIPAA; a169a624-5599-4385-a696-c8d643089fab; Regulatory Compliance; GA; BuiltIn
ISO 27001:2013; 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2; Regulatory Compliance; GA; BuiltIn