| Source | Azure Portal | |||||||||||||||||||||||||||||||||
| Display name | Microsoft Managed Control 1545 - Risk Assessment | |||||||||||||||||||||||||||||||||
| Id | 3f4b171a-a56b-4328-8112-32cf7f947ee1 | |||||||||||||||||||||||||||||||||
| Version | 1.0.0 Details on versioning |
|||||||||||||||||||||||||||||||||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
|||||||||||||||||||||||||||||||||
| Category | Regulatory Compliance Microsoft Learn |
|||||||||||||||||||||||||||||||||
| Description | Microsoft implements this Risk Assessment control | |||||||||||||||||||||||||||||||||
| Cloud environments | AzureCloud = true AzureUSGovernment = true AzureChinaCloud = unknown |
|||||||||||||||||||||||||||||||||
| Available in AzUSGov | The Policy is available in AzureUSGovernment cloud. Version: '1.0.0' Repository: Azure-Policy 3f4b171a-a56b-4328-8112-32cf7f947ee1 |
|||||||||||||||||||||||||||||||||
| Additional metadata |
Name/Id: ACF1545 / Microsoft Managed Control 1545 Category: Risk Assessment Title: Risk Assessment - Update Assessments: Changes, Impacting Conditions Ownership: Customer, Microsoft Description: The organization: Updates the risk assessment annually or when a significant change occurs or whenever there are significant changes to the information system or environment of operation (including the identification of new threats and vulnerabilities), or other conditions that may impact the security state of the system. Requirements: The risk assessment is completed as part of the original security authorization package and is updated by Microsoft annually, or when a significant change occurs as defined in NIST SP 800-37 Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems, Appendix F, Page F-7. The information system may require an update to the risk assessment including, but not limited to, when one or more of the following circumstances occur: * Addition or replacement of a major component or a significant part of a major system * A change in security mode of operation * A change in interfacing systems * A significant change to the operating system or executive software * A breach of security, violation of system integrity, or any unusual situation that appears to invalidate the accreditation * A significant change to the physical structure housing the information system or environment of the information system that could affect the physical security described in the accreditation * A significant change to the threat that could adversely affect the systems * A significant change to the availability of safeguards * A significant change to the user population If any of these events should occur, the SSP and other affected Security Authorization Process documentation are updated to reflect the new information system components, or new operating environment. Changes are coordinated with the Azure authorizing officials and an updated package submitted for review and consideration. |
|||||||||||||||||||||||||||||||||
| Mode | Indexed | |||||||||||||||||||||||||||||||||
| Type | Static | |||||||||||||||||||||||||||||||||
| Preview | False | |||||||||||||||||||||||||||||||||
| Deprecated | False | |||||||||||||||||||||||||||||||||
| Effect | Fixed audit |
|||||||||||||||||||||||||||||||||
| RBAC role(s) | none | |||||||||||||||||||||||||||||||||
| Rule aliases | none | |||||||||||||||||||||||||||||||||
| Rule resource types | IF (2) |
|||||||||||||||||||||||||||||||||
| Compliance |
The following 2 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1545 - Risk Assessment' (3f4b171a-a56b-4328-8112-32cf7f947ee1)
| |||||||||||||||||||||||||||||||||
| Initiatives usage |
|
|||||||||||||||||||||||||||||||||
| History | none | |||||||||||||||||||||||||||||||||
| JSON compare | n/a | |||||||||||||||||||||||||||||||||
| JSON |
|