last sync: 2023-Jun-02 17:44:47 UTC

Azure Policy definition

Manage compliance activities

Name Manage compliance activities
Azure Portal
Id 4e400494-53a5-5147-6f4d-718b539c7394
Version 1.1.0
details on versioning
Category Regulatory Compliance
Microsoft docs
Description CMA_0358 - Manage compliance activities
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Manual
Allowed
Manual, Disabled
RBAC
Role(s)
none
Rule
Aliases
Rule
ResourceTypes
IF (1)
Microsoft.Resources/subscriptions
Compliance The following 5 compliance controls are associated with this Policy definition 'Manage compliance activities' (4e400494-53a5-5147-6f4d-718b539c7394)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
hipaa 1901.06d1Organizational.1-06.d hipaa-1901.06d1Organizational.1-06.d 1901.06d1Organizational.1-06.d 19 Data Protection & Privacy 1901.06d1Organizational.1-06.d 06.01 Compliance with Legal Requirements Shared n/a The organization has formally appointed a qualified data protection officer, reporting to senior management, and who is directly and fully responsible for the privacy of covered information. 3
hipaa 19134.05j1Organizational.5-05.j hipaa-19134.05j1Organizational.5-05.j 19134.05j1Organizational.5-05.j 19 Data Protection & Privacy 19134.05j1Organizational.5-05.j 05.02 External Parties Shared n/a The public has access to information about the organization's security and privacy activities and is able to communicate with its senior security official and senior privacy official. 12
ISO27001-2013 A.18.1.4 ISO27001-2013_A.18.1.4 ISO 27001:2013 A.18.1.4 Compliance Privacy and protection of personally identifiable information Shared n/a Privacy and protection of personally identifiable information shall be ensured as required in relevant legislation and regulation where applicable. link 6
ISO27001-2013 A.5.1.1 ISO27001-2013_A.5.1.1 ISO 27001:2013 A.5.1.1 Information Security Policies Policies for information security Shared n/a A set of policies for information security shall be defined, approved by management, published and communicated to employees and relevant external parties. link 42
PCI_DSS_v4.0 12.4.1 PCI_DSS_v4.0_12.4.1 PCI DSS v4.0 12.4.1 Requirement 12: Support Information Security with Organizational Policies and Programs PCI DSS compliance is managed Shared n/a Responsibility is established by executive management for the protection of cardholder data and a PCI DSS compliance program to include: • Overall accountability for maintaining PCI DSS compliance. • Defining a charter for a PCI DSS compliance program and communication to executive management. link 5
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 4e400494-53a5-5147-6f4d-718b539c7394
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn
JSON