last sync: 2025-Apr-29 17:16:02 UTC

Microsoft Managed Control 1544 - Risk Assessment | Regulatory Compliance - Risk Assessment

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1544 - Risk Assessment
Id 43ced7c9-cd53-456b-b0da-2522649a4271
Version 1.0.0
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Description Microsoft implements this Risk Assessment control
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.0.0'
Repository: Azure-Policy 43ced7c9-cd53-456b-b0da-2522649a4271
Additional metadata Name/Id: ACF1544 / Microsoft Managed Control 1544
Category: Risk Assessment
Title: Risk Assessment - Disseminate Results to Defined Personnel
Ownership: Customer, Microsoft
Description: The organization: Disseminates risk assessment results to personnel or roles with risk assessment responsibilities, as well as AOs and FedRAMP ISSOs; and
Requirements: Azure submits risk assessment results to Azure management, including the Azure Program Managers. The annual SAR is submitted to the FedRAMP JAB, DISA/DoD authorizing officials, and other regulators as required who review the package for sufficiency. Internally, the SAR is used to update the POA&M submissions.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed: audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance
The following 2 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1544 - Risk Assessment' (43ced7c9-cd53-456b-b0da-2522649a4271)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 LT. Logging and Threat Detection Risk analysis & information system security policies n/a Responsibility for ensuring the security of network and information system lies, to a great extent, with essential and important entities. A culture of risk management, involving risk assessments and the implementation of cybersecurity risk-management measures appropriate to the risks faced, should be promoted and developed. In order to avoid imposing a disproportionate financial and administrative burden on essential and important entities, the cybersecurity risk-management measures should be proportionate to the risks posed to the network and information system concerned, taking into account the state-of-the-art of such measures, and, where applicable, relevant European and international standards, as well as the cost for their implementation. 24
op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found n/a n/a 70
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type | polSet in AzUSGov
[Preview]: NIS2 | 32ff9e30-4725-4ca7-ba3a-904a7721ee87 | Regulatory Compliance | Preview | BuiltIn | unknown
Spain ENS | 175daf90-21e1-4fec-b745-7b4c909aa94c | Regulatory Compliance | GA | BuiltIn | unknown
History none
JSON compare n/a
JSON
api-version=2021-06-01