last sync: 2024-Jun-13 18:14:14 UTC

Microsoft Managed Control 1151 - System Interconnections | Regulatory Compliance - Security Assessment and Authorization

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1151 - System Interconnections
Id 347e3b69-7fb7-47df-a8ef-71a1a7b44bca
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Security Assessment and Authorization control
Additional metadata Name/Id: ACF1151 / Microsoft Managed Control 1151
Category: Security Assessment and Authorization
Title: System Interconnections - Interconnection Security Agreements
Ownership: Customer, Microsoft
Description: The organization: Authorizes connections from the information system to other information systems through the use of Interconnection Security Agreements;
Requirements: Azure authorizes connections from the information system to other information systems outside of the authorization boundary through the use of vendor agreements, Memoranda of Understanding (MOUs), Interconnection Security Agreements (ISAs), Terms of Conditions (T&C), and/or Service Level Agreements (SLAs). Microsoft has developed the necessary vendor agreements, MOUs, ISAs, T&C, and SLAs that document connections outside of the Federal authorization boundary. Azure follows guidance regarding government agencies in that Interconnection Security Agreements (ISAs) are not designed for use between a CSP and Federal Agency. An Agency ATO memo should be the governing document for Agency and Azure interaction and security requirement communications. The only interconnections are between internal Microsoft services, which do not require ISAs. At this time, Azure does not have any dependencies on information systems external to Microsoft that require ISAs.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC