last sync: 2024-Apr-24 17:46:58 UTC

Microsoft Managed Control 1545 - Risk Assessment | Regulatory Compliance - Risk Assessment

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1545 - Risk Assessment
Id 3f4b171a-a56b-4328-8112-32cf7f947ee1
Version 1.0.0
Category Regulatory Compliance
Description Microsoft implements this Risk Assessment control
Additional metadata Name/Id: ACF1545 / Microsoft Managed Control 1545
Category: Risk Assessment
Title: Risk Assessment - Update Assessments: Changes, Impacting Conditions
Ownership: Customer, Microsoft
Description: The organization: Updates the risk assessment annually or when a significant change occurs or whenever there are significant changes to the information system or environment of operation (including the identification of new threats and vulnerabilities), or other conditions that may impact the security state of the system.
Requirements: The risk assessment is completed as part of the original security authorization package and is updated by Microsoft annually, or when a significant change occurs as defined in NIST SP 800-37 Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems, Appendix F, Page F-7. The information system may require an update to the risk assessment including, but not limited to, when one or more of the following circumstances occur:
* Addition or replacement of a major component or a significant part of a major system
* A change in security mode of operation
* A change in interfacing systems
* A significant change to the operating system or executive software
* A breach of security, violation of system integrity, or any unusual situation that appears to invalidate the accreditation
* A significant change to the physical structure housing the information system or environment of the information system that could affect the physical security described in the accreditation
* A significant change to the threat that could adversely affect the systems
* A significant change to the availability of safeguards
* A significant change to the user population
If any of these events should occur, the SSP and other affected Security Authorization Process documentation are updated to reflect the new information system components, or new operating environment. Changes are coordinated with the Azure authorizing officials and an updated package submitted for review and consideration.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed: audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01