last sync: 2023-Jun-06 18:29:21 UTC

Azure Policy definition

Obtain functional properties of security controls

Name Obtain functional properties of security controls
Azure Portal
Id 44b71aa8-099d-8b97-1557-0e853ec38e0d
Version 1.1.0
details on versioning
Category Regulatory Compliance
Microsoft docs
Description CMA_C1575 - Obtain functional properties of security controls
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Manual
Allowed
Manual, Disabled
RBAC
Role(s)
none
Rule
Aliases
Rule
ResourceTypes
IF (1)
Microsoft.Resources/subscriptions
Compliance The following 7 compliance controls are associated with this Policy definition 'Obtain functional properties of security controls' (44b71aa8-099d-8b97-1557-0e853ec38e0d)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 SA-4(1) FedRAMP_High_R4_SA-4(1) FedRAMP High SA-4 (1) System And Services Acquisition Functional Properties Of Security Controls Shared n/a The organization requires the developer of the information system, system component, or information system service to provide a description of the functional properties of the security controls to be employed. Supplemental Guidance: Functional properties of security controls describe the functionality (i.e., security capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls. Related control: SA-5. link 1
FedRAMP_Moderate_R4 SA-4(1) FedRAMP_Moderate_R4_SA-4(1) FedRAMP Moderate SA-4 (1) System And Services Acquisition Functional Properties Of Security Controls Shared n/a The organization requires the developer of the information system, system component, or information system service to provide a description of the functional properties of the security controls to be employed. Supplemental Guidance: Functional properties of security controls describe the functionality (i.e., security capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls. Related control: SA-5. link 1
hipaa 17101.10a3Organizational.6-10.a hipaa-17101.10a3Organizational.6-10.a 17101.10a3Organizational.6-10.a 17 Risk Management 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems Shared n/a The organization requires the developer of the information system, system component, or information system service to provide specific control design and implementation information. 7
NIST_SP_800-53_R4 SA-4(1) NIST_SP_800-53_R4_SA-4(1) NIST SP 800-53 Rev. 4 SA-4 (1) System And Services Acquisition Functional Properties Of Security Controls Shared n/a The organization requires the developer of the information system, system component, or information system service to provide a description of the functional properties of the security controls to be employed. Supplemental Guidance: Functional properties of security controls describe the functionality (i.e., security capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls. Related control: SA-5. link 1
NIST_SP_800-53_R5 SA-4(1) NIST_SP_800-53_R5_SA-4(1) NIST SP 800-53 Rev. 5 SA-4 (1) System and Services Acquisition Functional Properties of Controls Shared n/a Require the developer of the system, system component, or system service to provide a description of the functional properties of the controls to be implemented. link 1
PCI_DSS_v4.0 12.8.2 PCI_DSS_v4.0_12.8.2 PCI DSS v4.0 12.8.2 Requirement 12: Support Information Security with Organizational Policies and Programs Risk to information assets associated with third-party service provider (TPSP) relationships is managed Shared n/a Written agreements with TPSPs are maintained as follows: • Written agreements are maintained with all TPSPs with which account data is shared or that could affect the security of the CDE. • Written agreements include acknowledgments from TPSPs that they are responsible for the security of account data the TPSPs possess or otherwise store, process, or transmit on behalf of the entity, or to the extent that they could impact the security of the entity’s CDE. link 15
PCI_DSS_v4.0 12.8.5 PCI_DSS_v4.0_12.8.5 PCI DSS v4.0 12.8.5 Requirement 12: Support Information Security with Organizational Policies and Programs Risk to information assets associated with third-party service provider (TPSP) relationships is managed Shared n/a Information is maintained about which PCI DSS requirements are managed by each TPSP, which are managed by the entity, and any that are shared between the TPSP and the entity. link 13
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 44b71aa8-099d-8b97-1557-0e853ec38e0d
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn
JSON