last sync: 2024-Mar-01 17:50:27 UTC

Analyse data obtained from continuous monitoring | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source Azure Portal
Display name Analyse data obtained from continuous monitoring
Id 6a379d74-903b-244a-4c44-838728bea6b0
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1169 - Analyse data obtained from continuous monitoring
Additional metadata Name/Id: CMA_C1169 / CMA_C1169
Category: Documentation
Title: Analyse data obtained from continuous monitoring
Ownership: Customer
Description: The customer is responsible for employing continuous monitoring trend analyses to determine if security control implementations, the frequency of continuous monitoring activities, and/or the types of activities used in the continuous monitoring process need to be modified based on empirical data obtained from trend analyses.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 4 compliance controls are associated with this Policy definition 'Analyse data obtained from continuous monitoring' (6a379d74-903b-244a-4c44-838728bea6b0)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 CA-7(3) FedRAMP_High_R4_CA-7(3) FedRAMP High CA-7 (3) Security Assessment And Authorization Trend Analyses Shared n/a The organization employs trend analyses to determine if security control implementations, the frequency of continuous monitoring activities, and/or the types of activities used in the continuous monitoring process need to be modified based on empirical data. Supplemental Guidance: Trend analyses can include, for example, examining recent threat information regarding the types of threat events that have occurred within the organization or across the federal government, success rates of certain types of cyber attacks, emerging vulnerabilities in information technologies, evolving social engineering techniques, results from multiple security control assessments, the effectiveness of configuration settings, and findings from Inspectors General or auditors. link 1
hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06 Configuration Management 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance Shared n/a The organization has developed a continuous monitoring strategy and implemented a continuous monitoring program. 7
NIST_SP_800-53_R4 CA-7(3) NIST_SP_800-53_R4_CA-7(3) NIST SP 800-53 Rev. 4 CA-7 (3) Security Assessment And Authorization Trend Analyses Shared n/a The organization employs trend analyses to determine if security control implementations, the frequency of continuous monitoring activities, and/or the types of activities used in the continuous monitoring process need to be modified based on empirical data. Supplemental Guidance: Trend analyses can include, for example, examining recent threat information regarding the types of threat events that have occurred within the organization or across the federal government, success rates of certain types of cyber attacks, emerging vulnerabilities in information technologies, evolving social engineering techniques, results from multiple security control assessments, the effectiveness of configuration settings, and findings from Inspectors General or auditors. link 1
NIST_SP_800-53_R5 CA-7(3) NIST_SP_800-53_R5_CA-7(3) NIST SP 800-53 Rev. 5 CA-7 (3) Assessment, Authorization, and Monitoring Trend Analyses Shared n/a Employ trend analyses to determine if control implementations, the frequency of continuous monitoring activities, and the types of activities used in the continuous monitoring process need to be modified based on empirical data. link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 6a379d74-903b-244a-4c44-838728bea6b0
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC