last sync: 2024-Apr-24 17:46:58 UTC

Establish requirements for internet service providers | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source Azure Portal
Display name Establish requirements for internet service providers
Id 5f2e834d-7e40-a4d5-a216-e49b16955ccf
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_0278 - Establish requirements for internet service providers
Additional metadata Name/Id: CMA_0278 / CMA_0278
Category: Documentation
Title: Establish requirements for internet service providers
Ownership: Customer
Description: Microsoft recommends that your organization establish and document requirements to be performed by your organization for Internet Service Providers (ISPs) such as: - Evaluating the ISP's plan and methods - Determining the ability of the ISP to increase the network bandwidth in case there is an increase in demand - Evaluating the ISP's incident handling and incident response plan adequacy
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 14 compliance controls are associated with this Policy definition 'Establish requirements for internet service providers' (5f2e834d-7e40-a4d5-a216-e49b16955ccf)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 CP-7(3) FedRAMP_High_R4_CP-7(3) FedRAMP High CP-7 (3) Contingency Planning Priority Of Service Shared n/a The organization develops alternate processing site agreements that contain priority-of-service provisions in accordance with organizational availability requirements (including recovery time objectives). Supplemental Guidance: Priority-of-service agreements refer to negotiated agreements with service providers that ensure that organizations receive priority treatment consistent with their availability requirements and the availability of information resources at the alternate processing site. link 2
FedRAMP_High_R4 CP-8(1) FedRAMP_High_R4_CP-8(1) FedRAMP High CP-8 (1) Contingency Planning Priority Of Service Provisions Shared n/a The organization: (a) Develops primary and alternate telecommunications service agreements that contain priority- of-service provisions in accordance with organizational availability requirements (including recovery time objectives); and (b) Requests Telecommunications Service Priority for all telecommunications services used for national security emergency preparedness in the event that the primary and/or alternate telecommunications services are provided by a common carrier. Supplemental Guidance: Organizations consider the potential mission/business impact in situations where telecommunications service providers are servicing other organizations with similar priority-of-service provisions. link 1
FedRAMP_Moderate_R4 CP-7(3) FedRAMP_Moderate_R4_CP-7(3) FedRAMP Moderate CP-7 (3) Contingency Planning Priority Of Service Shared n/a The organization develops alternate processing site agreements that contain priority-of-service provisions in accordance with organizational availability requirements (including recovery time objectives). Supplemental Guidance: Priority-of-service agreements refer to negotiated agreements with service providers that ensure that organizations receive priority treatment consistent with their availability requirements and the availability of information resources at the alternate processing site. link 2
FedRAMP_Moderate_R4 CP-8(1) FedRAMP_Moderate_R4_CP-8(1) FedRAMP Moderate CP-8 (1) Contingency Planning Priority Of Service Provisions Shared n/a The organization: (a) Develops primary and alternate telecommunications service agreements that contain priority- of-service provisions in accordance with organizational availability requirements (including recovery time objectives); and (b) Requests Telecommunications Service Priority for all telecommunications services used for national security emergency preparedness in the event that the primary and/or alternate telecommunications services are provided by a common carrier. Supplemental Guidance: Organizations consider the potential mission/business impact in situations where telecommunications service providers are servicing other organizations with similar priority-of-service provisions. link 1
hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 16 Business Continuity & Disaster Recovery 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management Shared n/a Alternative storage and processing sites are identified (permanent and/or temporary) at a sufficient distance from the primary facility and configured with security measures equivalent to the primary site, and the necessary third-party service agreements have been established to allow for the resumption of information systems operations of critical business functions within the time period defined (e.g., priority of service provisions) based on a risk assessment, including Recovery Time Objectives (RTO), in accordance with the organization's availability requirements. 6
hipaa 1609.12c3Organizational.12-12.c hipaa-1609.12c3Organizational.12-12.c 1609.12c3Organizational.12-12.c 16 Business Continuity & Disaster Recovery 1609.12c3Organizational.12-12.c 12.01 Information Security Aspects of Business Continuity Management Shared n/a Alternate telecommunications services that are sufficiently separated from the primary service provider are established with priority-of-service provisions. 1
hipaa 1619.09l1Organizational.7-09.l hipaa-1619.09l1Organizational.7-09.l 1619.09l1Organizational.7-09.l 16 Business Continuity & Disaster Recovery 1619.09l1Organizational.7-09.l 09.05 Information Back-Up Shared n/a Inventory records for the backup copies, including content and current location, are maintained. 2
ISO27001-2013 A.11.2.2 ISO27001-2013_A.11.2.2 ISO 27001:2013 A.11.2.2 Physical And Environmental Security Supporting utilities Shared n/a Equipment shall be protected from power failures and other disruptions caused by failures in supporting utilities. link 3
ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Information Security Aspects Of Business Continuity Management Implementing information security continuity Shared n/a The organization shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation. link 18
NIST_SP_800-53_R4 CP-7(3) NIST_SP_800-53_R4_CP-7(3) NIST SP 800-53 Rev. 4 CP-7 (3) Contingency Planning Priority Of Service Shared n/a The organization develops alternate processing site agreements that contain priority-of-service provisions in accordance with organizational availability requirements (including recovery time objectives). Supplemental Guidance: Priority-of-service agreements refer to negotiated agreements with service providers that ensure that organizations receive priority treatment consistent with their availability requirements and the availability of information resources at the alternate processing site. link 2
NIST_SP_800-53_R4 CP-8(1) NIST_SP_800-53_R4_CP-8(1) NIST SP 800-53 Rev. 4 CP-8 (1) Contingency Planning Priority Of Service Provisions Shared n/a The organization: (a) Develops primary and alternate telecommunications service agreements that contain priority- of-service provisions in accordance with organizational availability requirements (including recovery time objectives); and (b) Requests Telecommunications Service Priority for all telecommunications services used for national security emergency preparedness in the event that the primary and/or alternate telecommunications services are provided by a common carrier. Supplemental Guidance: Organizations consider the potential mission/business impact in situations where telecommunications service providers are servicing other organizations with similar priority-of-service provisions. link 1
NIST_SP_800-53_R5 CP-7(3) NIST_SP_800-53_R5_CP-7(3) NIST SP 800-53 Rev. 5 CP-7 (3) Contingency Planning Priority of Service Shared n/a Develop alternate processing site agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives). link 2
NIST_SP_800-53_R5 CP-8(1) NIST_SP_800-53_R5_CP-8(1) NIST SP 800-53 Rev. 5 CP-8 (1) Contingency Planning Priority of Service Provisions Shared n/a (a) Develop primary and alternate telecommunications service agreements that contain priority-of-service provisions in accordance with availability requirements (including recovery time objectives); and (b) Request Telecommunications Service Priority for all telecommunications services used for national security emergency preparedness if the primary and/or alternate telecommunications services are provided by a common carrier. link 1
SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 9. Ensure Availability through Resilience Providers must ensure that the service remains available for customers in the event of a site disaster. Shared n/a Providers must ensure that the service remains available for customers in the event of a site disaster. link 13
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 5f2e834d-7e40-a4d5-a216-e49b16955ccf
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC