| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1171 - Penetration Testing | Independent Penetration Agent Or Team | ||
| Id | 6d4820bc-8b61-4982-9501-2123cb776c00 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Security Assessment and Authorization control | ||
| Cloud environments | AzureCloud = true AzureUSGovernment = true AzureChinaCloud = unknown |
||
| Available in AzUSGov | The Policy is available in AzureUSGovernment cloud. Version: '1.0.0' Repository: Azure-Policy 6d4820bc-8b61-4982-9501-2123cb776c00 |
||
| Additional metadata |
Name/Id: ACF1171 / Microsoft Managed Control 1171 Category: Security Assessment and Authorization Title: Penetration Testing | Independent Penetration Agent Or Team Ownership: Customer, Microsoft Description: The organization employs an independent penetration agent or penetration team to perform penetration testing on the information system or system components. Requirements: The Third Party Assessment Organization (3PAO) performs penetration testing on the information system at least annually. The Penetration Test Report covers Azure system components identified as part of the authorization boundary. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|