last sync: 2023-Jan-27 18:40:07 UTC

Azure Policy definition

Conduct capacity planning

Name Conduct capacity planning
Azure Portal
Id 33602e78-35e3-4f06-17fb-13dd887448e4
Version 1.1.0
details on versioning
Category Regulatory Compliance
Microsoft docs
Description CMA_C1252 - Conduct capacity planning
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Manual
Allowed
Manual, Disabled
RBAC
Role(s)
none
Rule
Aliases
Rule
ResourceTypes
IF (1)
Microsoft.Resources/subscriptions
Compliance The following 10 compliance controls are associated with this Policy definition 'Conduct capacity planning' (33602e78-35e3-4f06-17fb-13dd887448e4)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 CP-2(2) FedRAMP_High_R4_CP-2(2) FedRAMP High CP-2 (2) Contingency Planning Capacity Planning Shared n/a The organization conducts capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations. Supplemental Guidance: Capacity planning is needed because different types of threats (e.g., natural disasters, targeted cyber attacks) can result in a reduction of the available processing, telecommunications, and support services originally intended to support the organizational missions/business functions. Organizations may need to anticipate degraded operations during contingency operations and factor such degradation into capacity planning. link 1
FedRAMP_Moderate_R4 CP-2(2) FedRAMP_Moderate_R4_CP-2(2) FedRAMP Moderate CP-2 (2) Contingency Planning Capacity Planning Shared n/a The organization conducts capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations. Supplemental Guidance: Capacity planning is needed because different types of threats (e.g., natural disasters, targeted cyber attacks) can result in a reduction of the available processing, telecommunications, and support services originally intended to support the organizational missions/business functions. Organizations may need to anticipate degraded operations during contingency operations and factor such degradation into capacity planning. link 1
hipaa 1602.12c1Organizational.4567-12.c hipaa-1602.12c1Organizational.4567-12.c 1602.12c1Organizational.4567-12.c 16 Business Continuity & Disaster Recovery 1602.12c1Organizational.4567-12.c 12.01 Information Security Aspects of Business Continuity Management Shared n/a The contingency program addresses required capacity, identifies critical missions and business functions, defines recovery objectives and priorities, and identifies roles and responsibilities. 3
hipaa 1638.12b2Organizational.345-12.b hipaa-1638.12b2Organizational.345-12.b 1638.12b2Organizational.345-12.b 16 Business Continuity & Disaster Recovery 1638.12b2Organizational.345-12.b 12.01 Information Security Aspects of Business Continuity Management Shared n/a Business continuity risk assessments: (i) are carried out annually with full involvement from owners of business resources and processes; (ii) consider all business processes and is not limited to the information assets, but includes the results specific to information security; and, (iii) identifies, quantifies, and prioritizes risks against key business objectives and criteria relevant to the organization, including critical resources, impacts of disruptions, allowable outage times, and recovery priorities. 5
ISO27001-2013 A.12.1.3 ISO27001-2013_A.12.1.3 ISO 27001:2013 A.12.1.3 Operations Security Capacity management Shared n/a The use of resources shall be monitored, tuned, and projections made of future capacity requirements to ensure the required system performance. link 2
NIST_SP_800-53_R4 CP-2(2) NIST_SP_800-53_R4_CP-2(2) NIST SP 800-53 Rev. 4 CP-2 (2) Contingency Planning Capacity Planning Shared n/a The organization conducts capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations. Supplemental Guidance: Capacity planning is needed because different types of threats (e.g., natural disasters, targeted cyber attacks) can result in a reduction of the available processing, telecommunications, and support services originally intended to support the organizational missions/business functions. Organizations may need to anticipate degraded operations during contingency operations and factor such degradation into capacity planning. link 1
NIST_SP_800-53_R5 CP-2(2) NIST_SP_800-53_R5_CP-2(2) NIST SP 800-53 Rev. 5 CP-2 (2) Contingency Planning Capacity Planning Shared n/a Conduct capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations. link 1
SOC_2 A1.1 SOC_2_A1.1 SOC 2 Type 2 A1.1 Additional Criteria For Availability Capacity management Shared The customer is responsible for implementing this recommendation. The entity maintains, monitors, and evaluates current processing capacity and use of system components (infrastructure, data, and software) to manage capacity demand and to enable the implementation of additional capacity to help meet its objectives. The following points of focus, which apply only to an engagement using the trust services criteria for availability, highlight important characteristics relating to this criterion: • Measures Current Usage — The use of the system components is measured to establish a baseline for capacity management and to use when evaluating the risk of impaired availability due to capacity constraints. • Forecasts Capacity — The expected average and peak use of system components is forecasted and compared to system capacity and associated tolerances. Forecasting considers capacity in the event of the failure of system components that constrain capacity. • Makes Changes Based on Forecasts — The system change management process is initiated when forecasted usage exceeds capacity tolerances 1
SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 8. Set and Monitor Performance Ensure availability, capacity, and quality of services to customers Shared n/a Ensure availability, capacity, and quality of services to customers link 7
SWIFT_CSCF_v2022 9.4 SWIFT_CSCF_v2022_9.4 SWIFT CSCF v2022 9.4 9. Ensure Availability through Resilience Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth Shared n/a Providers' availability and quality of service is ensured through usage of the recommended SWIFT connectivity packs and the appropriate line bandwidth link 5
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add 33602e78-35e3-4f06-17fb-13dd887448e4
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
JSON
changes

JSON