| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1165 - Continuous Monitoring | ||
| Id | 47e10916-6c9e-446b-b0bd-ff5fd439d79d | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Security Assessment and Authorization control | ||
| Cloud environments | AzureCloud = true AzureUSGovernment = true AzureChinaCloud = unknown |
||
| Available in AzUSGov | The Policy is available in AzureUSGovernment cloud. Version: '1.0.0' Repository: Azure-Policy 47e10916-6c9e-446b-b0bd-ff5fd439d79d |
||
| Additional metadata |
Name/Id: ACF1165 / Microsoft Managed Control 1165 Category: Security Assessment and Authorization Title: Continuous Monitoring - Findings Correlation And Analysis Ownership: Customer, Microsoft Description: The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: Correlation and analysis of security-related information generated by assessments and monitoring; Requirements: The Azure Continuous Monitoring team performs correlation and analysis of security-related information generated by assessments and monitoring, including vulnerability scan results, POA&M updates, and recurring control testing. Vulnerabilities are assessed if they are actionable (i.e. requiring remediation), risk reduced, false positive, or risk accepted. Azure mitigates all discovered high-risk vulnerabilities within thirty (30) days, all moderate-risk vulnerabilities within ninety (90) days, and all low-risk vulnerabilities within one hundred and eighty (180) days. The results are summarized into the Continuous Monitoring Reports and are input into the POA&M for tracking if applicable. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|