last sync: 2024-Oct-11 17:51:27 UTC

Obtain functional properties of security controls | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Obtain functional properties of security controls
Id: 44b71aa8-099d-8b97-1557-0e853ec38e0d
Version: 1.1.0
Versioning: Versions supported for Versioning: 1 (1.1.0)
Category: Regulatory Compliance
Description: CMA_C1575 - Obtain functional properties of security controls
Additional metadata:
  Name/Id: CMA_C1575 / CMA_C1575
  Category: Documentation
  Title: Obtain functional properties of security controls
  Ownership: Customer
  Description: The customer is responsible for obtaining a description of the functional properties of security controls to be employed from the developer of the corresponding customer-deployed resource(s). Note: Microsoft Azure hosts the customer-deployed system. The customer can find a description of the security controls employed by Azure below.
  Requirements: The customer is responsible for implementing this recommendation.
Mode: All
Type: BuiltIn
Preview: False
Deprecated: False
Effect:
  Default: Manual
  Allowed: Manual, Disabled
RBAC role(s): none
Rule aliases: none
Rule resource types: IF (1): Microsoft.Resources/subscriptions
Compliance
The following 7 compliance controls are associated with this Policy definition 'Obtain functional properties of security controls' (44b71aa8-099d-8b97-1557-0e853ec38e0d)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | SA-4(1) | FedRAMP_High_R4_SA-4(1) | FedRAMP High SA-4 (1) | System And Services Acquisition | Functional Properties Of Security Controls | Shared | n/a | The organization requires the developer of the information system, system component, or information system service to provide a description of the functional properties of the security controls to be employed. Supplemental Guidance: Functional properties of security controls describe the functionality (i.e., security capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls. Related control: SA-5. | link | 1 |
| FedRAMP_Moderate_R4 | SA-4(1) | FedRAMP_Moderate_R4_SA-4(1) | FedRAMP Moderate SA-4 (1) | System And Services Acquisition | Functional Properties Of Security Controls | Shared | n/a | The organization requires the developer of the information system, system component, or information system service to provide a description of the functional properties of the security controls to be employed. Supplemental Guidance: Functional properties of security controls describe the functionality (i.e., security capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls. Related control: SA-5. | link | 1 |
| hipaa | 17101.10a3Organizational.6-10.a | hipaa-17101.10a3Organizational.6-10.a | 17101.10a3Organizational.6-10.a | 17 Risk Management | 17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems | Shared | n/a | The organization requires the developer of the information system, system component, or information system service to provide specific control design and implementation information. | | 7 |
| NIST_SP_800-53_R4 | SA-4(1) | NIST_SP_800-53_R4_SA-4(1) | NIST SP 800-53 Rev. 4 SA-4 (1) | System And Services Acquisition | Functional Properties Of Security Controls | Shared | n/a | The organization requires the developer of the information system, system component, or information system service to provide a description of the functional properties of the security controls to be employed. Supplemental Guidance: Functional properties of security controls describe the functionality (i.e., security capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls. Related control: SA-5. | link | 1 |
| NIST_SP_800-53_R5 | SA-4(1) | NIST_SP_800-53_R5_SA-4(1) | NIST SP 800-53 Rev. 5 SA-4 (1) | System and Services Acquisition | Functional Properties of Controls | Shared | n/a | Require the developer of the system, system component, or system service to provide a description of the functional properties of the controls to be implemented. | link | 1 |
| PCI_DSS_v4.0 | 12.8.2 | PCI_DSS_v4.0_12.8.2 | PCI DSS v4.0 12.8.2 | Requirement 12: Support Information Security with Organizational Policies and Programs | Risk to information assets associated with third-party service provider (TPSP) relationships is managed | Shared | n/a | Written agreements with TPSPs are maintained as follows: • Written agreements are maintained with all TPSPs with which account data is shared or that could affect the security of the CDE. • Written agreements include acknowledgments from TPSPs that they are responsible for the security of account data the TPSPs possess or otherwise store, process, or transmit on behalf of the entity, or to the extent that they could impact the security of the entity’s CDE. | link | 15 |
| PCI_DSS_v4.0 | 12.8.5 | PCI_DSS_v4.0_12.8.5 | PCI DSS v4.0 12.8.5 | Requirement 12: Support Information Security with Organizational Policies and Programs | Risk to information assets associated with third-party service provider (TPSP) relationships is managed | Shared | n/a | Information is maintained about which PCI DSS requirements are managed by each TPSP, which are managed by the entity, and any that are shared between the TPSP and the entity. | link | 13 |
Initiatives usage
| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
|---|---|---|---|---|
| FedRAMP High | d5264498-16f4-418a-b659-fa7ef418175f | Regulatory Compliance | GA | BuiltIn |
| FedRAMP Moderate | e95f5a9f-57ad-4d03-bb0b-b1d16db93693 | Regulatory Compliance | GA | BuiltIn |
| HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn |
| NIST SP 800-53 Rev. 4 | cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f | Regulatory Compliance | GA | BuiltIn |
| NIST SP 800-53 Rev. 5 | 179d1daa-458f-4e47-8086-2a68d0d6c38f | Regulatory Compliance | GA | BuiltIn |
| PCI DSS v4 | c676748e-3af9-4e22-bc28-50feed564afb | Regulatory Compliance | GA | BuiltIn |
History
| Date/Time (UTC ymd) | Change type | Change detail |
|---|---|---|
| 2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0) |
| 2022-09-19 17:41:40 | add | 44b71aa8-099d-8b97-1557-0e853ec38e0d |