last sync: 2024-Jun-13 18:14:14 UTC

Protect the information security program plan | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source Azure Portal
Display name Protect the information security program plan
Id 2e7a98c9-219f-0d58-38dc-d69038224442
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1732 - Protect the information security program plan
Additional metadata Name/Id: CMA_C1732 / CMA_C1732
Category: Documentation
Title: Protect the information security program plan
Ownership: Customer
Description: The customer is responsible for protecting the information security program plan from unauthorized disclosure and modification.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 13 compliance controls are associated with this Policy definition 'Protect the information security program plan' (2e7a98c9-219f-0d58-38dc-d69038224442)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
hipaa 0101.00a1Organizational.123-00.a hipaa-0101.00a1Organizational.123-00.a 0101.00a1Organizational.123-00.a 01 Information Protection Program 0101.00a1Organizational.123-00.a 0.01 Information Security Management Program Shared n/a The organization has a formal information protection program based on an accepted industry framework that is reviewed and updated as needed. 5
hipaa 0113.04a1Organizational.123-04.a hipaa-0113.04a1Organizational.123-04.a 0113.04a1Organizational.123-04.a 01 Information Protection Program 0113.04a1Organizational.123-04.a 04.01 Information Security Policy Shared n/a Information security objectives, approach, scope, importance, goals, and principles for the organization’s security program are formally identified, communicated throughout the organization to users in a form that is relevant, accessible, and understandable to the intended reader; and supported by a controls framework that considers legislative, regulatory, contractual requirements, and other policy-related requirements. 3
ISO27001-2013 A.18.1.1 ISO27001-2013_A.18.1.1 ISO 27001:2013 A.18.1.1 Compliance Identification applicable legislation and contractual requirements Shared n/a All relevant legislative statutory, regulatory, contractual requirements and the organization's approach to meet these requirements shall be explicitly identified, documented and kept up to date for each information system and the organization. link 30
ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance Compliance with security policies and standards Shared n/a Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements. link 36
ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Information Security Policies Policies for information security Shared n/a A set of policies for information security shall be defined, approved by management, published and communicated to employees and relevant external parties. link 42
ISO27001-2013 A.5.1.2 ISO27001-2013_A.5.1.2 ISO 27001:2013 A.5.1.2 Information Security Policies Review of the policies for information security Shared n/a The policies for information security shall be reviewed at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy, and effectiveness. link 29
ISO27001-2013 A.6.1.1 ISO27001-2013_A.6.1.1 ISO 27001:2013 A.6.1.1 Organization of Information Security Information security roles and responsibilities Shared n/a All information security responsibilities shall be clearly defined and allocated. link 73
mp.info.1 Personal data mp.info.1 Personal data 404 not found n/a n/a 33
mp.info.6 Backups mp.info.6 Backups 404 not found n/a n/a 65
mp.s.2 Protection of web services and applications mp.s.2 Protection of web services and applications 404 not found n/a n/a 102
org.1 Security policy org.1 Security policy 404 not found n/a n/a 94
org.2 Security regulations org.2 Security regulations 404 not found n/a n/a 100
org.4 Authorization process org.4 Authorization process 404 not found n/a n/a 127
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 2e7a98c9-219f-0d58-38dc-d69038224442
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC