last sync: 2024-Mar-01 17:50:27 UTC

Microsoft Managed Control 1165 - Continuous Monitoring | Regulatory Compliance - Security Assessment and Authorization

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1165 - Continuous Monitoring
Id 47e10916-6c9e-446b-b0bd-ff5fd439d79d
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Security Assessment and Authorization control
Additional metadata Name/Id: ACF1165 / Microsoft Managed Control 1165
Category: Security Assessment and Authorization
Title: Continuous Monitoring - Findings Correlation And Analysis
Ownership: Customer, Microsoft
Description: The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: Correlation and analysis of security-related information generated by assessments and monitoring;
Requirements: The Azure Continuous Monitoring team performs correlation and analysis of security-related information generated by assessments and monitoring, including vulnerability scan results, POA&M updates, and recurring control testing. Vulnerabilities are assessed if they are actionable (i.e. requiring remediation), risk reduced, false positive, or risk accepted. Azure mitigates all discovered high-risk vulnerabilities within thirty (30) days, all moderate-risk vulnerabilities within ninety (90) days, and all low-risk vulnerabilities within one hundred and eighty (180) days. The results are summarized into the Continuous Monitoring Reports and are input into the POA&M for tracking if applicable.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC