The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Additional metadata
Name/Id: CMA_C1575 / CMA_C1575 Category: Documentation Title: Obtain functional properties of security controls Ownership: Customer Description: The customer is responsible for obtaining a description of the functional properties of security controls to be employed from the developer of the corresponding customer-deployed resource(s). Note: Microsoft Azure hosts the customer-deployed system. The customer can find a description of the security controls employed by Azure below. Requirements: The customer is responsible for implementing this recommendation.
The following 7 compliance controls are associated with this Policy definition 'Obtain functional properties of security controls' (44b71aa8-099d-8b97-1557-0e853ec38e0d)
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators: <, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx: Learn more
The organization requires the developer of the information system, system component, or information system service to provide a description of the functional properties of the security controls to be employed.
Supplemental Guidance: Functional properties of security controls describe the functionality (i.e., security capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls. Related control: SA-5.
The organization requires the developer of the information system, system component, or information system service to provide a description of the functional properties of the security controls to be employed.
Supplemental Guidance: Functional properties of security controls describe the functionality (i.e., security capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls. Related control: SA-5.
17101.10a3Organizational.6-10.a 10.01 Security Requirements of Information Systems
Shared
n/a
The organization requires the developer of the information system, system component, or information system service to provide specific control design and implementation information.
The organization requires the developer of the information system, system component, or information system service to provide a description of the functional properties of the security controls to be employed.
Supplemental Guidance: Functional properties of security controls describe the functionality (i.e., security capability, functions, or mechanisms) visible at the interfaces of the controls and specifically exclude functionality and data structures internal to the operation of the controls. Related control: SA-5.
Require the developer of the system, system component, or system service to provide a description of the functional properties of the controls to be implemented.
Requirement 12: Support Information Security with Organizational Policies and Programs
Risk to information assets associated with third-party service provider (TPSP) relationships is managed
Shared
n/a
Written agreements with TPSPs are maintained as follows:
• Written agreements are maintained with all TPSPs with which account data is shared or that could affect the security of the CDE.
• Written agreements include acknowledgments from TPSPs that they are responsible for the security of account data the TPSPs possess or otherwise store, process, or transmit on behalf of the entity, or to the extent that they could impact the security of the entity’s CDE.
Requirement 12: Support Information Security with Organizational Policies and Programs
Risk to information assets associated with third-party service provider (TPSP) relationships is managed
Shared
n/a
Information is maintained about which PCI DSS requirements are managed by each TPSP, which are managed by the entity, and any that are shared between the TPSP and the entity.
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators: <, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx: Learn more