last sync: 2024-Jun-24 18:15:26 UTC

Manage contacts for authorities and special interest groups | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Manage contacts for authorities and special interest groups
Id 5269d7e4-3768-501d-7e46-66c56c15622c
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_0359 - Manage contacts for authorities and special interest groups
Additional metadata Name/Id: CMA_0359 / CMA_0359
Category: Operational
Title: Manage contacts for authorities and special interest groups
Ownership: Customer
Description: Microsoft recommends that your organization identify and manage the appropriate contacts with authorities, special interest groups, or other specialist security forums and professional associations. It is recommended that your organization consider how the contact is to be made, by whom, under what circumstances, and the nature of the information to be provided. Your organization can also coordinate with authorities, special interest groups, and other specialist security forums and professional associations on incident awareness and for other effective incident responses on incidents to achieve a cross-organization perspective.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 7 compliance controls are associated with this Policy definition 'Manage contacts for authorities and special interest groups' (5269d7e4-3768-501d-7e46-66c56c15622c)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
hipaa 0123.05a2Organizational.4-05.a hipaa-0123.05a2Organizational.4-05.a 0123.05a2Organizational.4-05.a 01 Information Protection Program 0123.05a2Organizational.4-05.a 05.01 Internal Organization Shared n/a Security contacts are formally appointed in writing for each major organizational area or business unit. 2
hipaa 1506.11a1Organizational.2-11.a hipaa-1506.11a1Organizational.2-11.a 1506.11a1Organizational.2-11.a 15 Incident Management 1506.11a1Organizational.2-11.a 11.01 Reporting Information Security Incidents and Weaknesses Shared n/a There is a point of contact for reporting information security events who is made known throughout the organization, always available, and able to provide adequate and timely response. The organization also maintains a list of third-party contact information (e.g., the email addresses of their information security officers), which can be used to report a security incident. 10
ISO27001-2013 A.6.1.3 ISO27001-2013_A.6.1.3 ISO 27001:2013 A.6.1.3 Organization of Information Security Contact with authorities Shared n/a Appropriate contacts with relevant authorities shall be maintained. link 2
ISO27001-2013 A.6.1.4 ISO27001-2013_A.6.1.4 ISO 27001:2013 A.6.1.4 Organization of Information Security Contact with special interest groups Shared n/a Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained. link 6
op.exp.7 Incident management op.exp.7 Incident management 404 not found n/a n/a 103
org.2 Security regulations org.2 Security regulations 404 not found n/a n/a 100
org.3 Security procedures org.3 Security procedures 404 not found n/a n/a 83
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 5269d7e4-3768-501d-7e46-66c56c15622c
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC