last sync: 2024-Jun-13 18:14:14 UTC

Microsoft Managed Control 1156 - Plan Of Action And Milestones | Regulatory Compliance - Security Assessment and Authorization

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1156 - Plan Of Action And Milestones
Id 4d52e864-9a3b-41ee-8f03-520815fe5378
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Security Assessment and Authorization control
Additional metadata Name/Id: ACF1156 / Microsoft Managed Control 1156
Category: Security Assessment and Authorization
Title: Plan of Action And Milestones - Development
Ownership: Customer, Microsoft
Description: The organization: Develops a plan of action and milestones for the information system to document the organization's planned remedial actions to correct weaknesses or deficiencies noted during the assessment of the security controls and to reduce or eliminate known vulnerabilities in the system; and
Requirements: Azure develops plans of action and milestones (POA&Ms) in accordance with Office of Management and Budget guidance and certification requirements. POA&Ms are developed and maintained by Azure. The POA&M report is also updated monthly when vulnerability scans are run and any new vulnerabilities are identified, annually during security assessments, and as needed as a part of continuous monitoring activities. The POA&M is submitted as part of the Azure Security Authorization Package provided to the authorizing officials.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC