AzPolicyAdvertizer

last sync: 2025-Apr-29 17:16:02 UTC

Microsoft Managed Control 1734 - Information Security Resources | Regulatory Compliance - Program Management

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1734 - Information Security Resources
Id 5fd9ced5-18e8-4c09-91b7-3725680f8ade
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Program Management control
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.0.0'
Repository: Azure-Policy 5fd9ced5-18e8-4c09-91b7-3725680f8ade
Additional metadata Name/Id: ACF1734 / Microsoft Managed Control 1734
Category: Program Management
Title: Information Security Resources - Requests Include Resources Needed
Ownership: Customer, Microsoft
Description: The organization: Ensures that all capital planning and investment requests include the resources needed to implement the information security program and documents all exceptions to this requirement;
Requirements: The standard Microsoft procurement and budgeting process is followed for Azure, including creating a business case to identify resources required. Microsoft annually budgets funding necessary to support all systems and the corporate security posture across the entire company. Microsoft has determined, documented, and allocated the resources required to protect the information system as part of its capital budgeting process. The information security control requirements are documented in this SSP. The Azure Risk Management SOP defines the criteria used by Azure to evaluate strategic, operational, legal and financial risk on a periodic basis in order to minimize negative impact on operations and aide in effective decision-making.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance
The following 1 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1734 - Information Security Resources' (5fd9ced5-18e8-4c09-91b7-3725680f8ade)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 LT. Logging and Threat Detection Risk analysis & information system security policies n/a Responsibility for ensuring the security of network and information system lies, to a great extent, with essential and important entities. A culture of risk management, involving risk assessments and the implementation of cybersecurity risk-management measures appropriate to the risks faced, should be promoted and developed. In order to avoid imposing a disproportionate financial and administrative burden on essential and important entities, the cybersecurity risk-management measures should be proportionate to the risks posed to the network and information system concerned, taking into account the state-of-the-art of such measures, and, where applicable, relevant European and international standards, as well as the cost for their implementation. 24
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: NIS2 32ff9e30-4725-4ca7-ba3a-904a7721ee87 Regulatory Compliance Preview BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 add 5fd9ced5-18e8-4c09-91b7-3725680f8ade
JSON compare n/a
JSON
api-version=2021-06-01
EPAC