AzPolicyAdvertizer

last sync: 2024-Jul-26 18:17:39 UTC

Require compliance with intellectual property rights | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Require compliance with intellectual property rights

725164e5-3b21-1ec2-7e42-14f077862841

Version

1.1.0
Details on versioning

Category

Regulatory Compliance
Microsoft Learn

Description

CMA_0432 - Require compliance with intellectual property rights

Additional metadata

Name/Id: CMA_0432 / CMA_0432
Category: Operational
Title: Require compliance with intellectual property rights
Ownership: Customer
Description: Microsoft recommends that your organization develop and implement procedures to comply with legislative, regulatory, and contractual requirements related to intellectual property rights and the use of proprietary software products or copyrighted material. It is recommended to identify cloud-specific licensing requirements before permitting licensed software to be installed in a cloud service. Your organization should consider documenting and implementing processes to ensure compliance with trade secret requirements based on the terms of the contract that dictate trade secret ownership. Prior to granting licenses to leverage the trade secret, it is recommended that your organization identify licensing requirements (e.g. territory, term, contents, methods of use or other matters in connection with the license). Microsoft recommends that your organization document procedures that prohibit unlawful misappropriation, disclosure, or use of trade secrets if the secrets are unlawfully acquired, used, or disclosed. It is recommended that your organization require personnel to perform the following activities: - Assume there is always copyright with external information and/or material - Look for an explicit statement confirming that the material is for public use - Get consent from the information owner if original material needs to be used - Read the terms and conditions for material that is not your Intellectual Property (IP); and - Understand the nuances of fair us. We also recommend that your organization indicate the source of information when quotations for digital media is allowed. Your organization is recommended to establish a process for receiving requests related to the removal of copyrighted content from public locations, such as on the Internet. It is recommended to take remove and restrict access to illegally placed content within the timeframe determined by applicable regulations.
Requirements: The customer is responsible for implementing this recommendation.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)
Microsoft.Resources/subscriptions

Compliance

The following 9 compliance controls are associated with this Policy definition 'Require compliance with intellectual property rights' (725164e5-3b21-1ec2-7e42-14f077862841)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
FedRAMP_High_R4	CM-10	FedRAMP_High_R4_CM-10	FedRAMP High CM-10	Configuration Management	Software Usage Restrictions	Shared	n/a	The organization: a. Uses software and associated documentation in accordance with contract agreements and copyright laws; b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. Supplemental Guidance: Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs. Related controls: AC-17, CM-8, SC-7. References: None.	link	4
FedRAMP_Moderate_R4	CM-10	FedRAMP_Moderate_R4_CM-10	FedRAMP Moderate CM-10	Configuration Management	Software Usage Restrictions	Shared	n/a	The organization: a. Uses software and associated documentation in accordance with contract agreements and copyright laws; b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. Supplemental Guidance: Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs. Related controls: AC-17, CM-8, SC-7. References: None.	link	4
hipaa	0112.02d2Organizational.3-02.d	hipaa-0112.02d2Organizational.3-02.d	0112.02d2Organizational.3-02.d	01 Information Protection Program	0112.02d2Organizational.3-02.d 02.03 During Employment	Shared	n/a	Acceptable usage is defined and usage is explicitly authorized.		7
hipaa	0722.07a1Organizational.67-07.a	hipaa-0722.07a1Organizational.67-07.a	0722.07a1Organizational.67-07.a	07 Vulnerability Management	0722.07a1Organizational.67-07.a 07.01 Responsibility for Assets	Shared	n/a	If the organization assigns assets to contractors, it ensures that the procedures for assigning and monitoring the use of the property are included in the contract; and, if assigned to volunteer workers, there is a written agreement specifying how and when the property will be inventoried and how it will be returned upon completion of the volunteer assignment.		3
ISO27001-2013	A.18.1.2	ISO27001-2013_A.18.1.2	ISO 27001:2013 A.18.1.2	Compliance	Intellectual property rights	Shared	n/a	Appropriate procedures shall be implemented to ensure compliance with legislative, regulatory, and contractual requirements related to intellectual property rights and use of proprietary software products.	link	2
NIST_SP_800-53_R4	CM-10	NIST_SP_800-53_R4_CM-10	NIST SP 800-53 Rev. 4 CM-10	Configuration Management	Software Usage Restrictions	Shared	n/a	The organization: a. Uses software and associated documentation in accordance with contract agreements and copyright laws; b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. Supplemental Guidance: Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs. Related controls: AC-17, CM-8, SC-7. References: None.	link	4
NIST_SP_800-53_R5	CM-10	NIST_SP_800-53_R5_CM-10	NIST SP 800-53 Rev. 5 CM-10	Configuration Management	Software Usage Restrictions	Shared	n/a	a. Use software and associated documentation in accordance with contract agreements and copyright laws; b. Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.	link	4
	org.1 Security policy	org.1 Security policy	404 not found				n/a	n/a		94
PCI_DSS_v4.0	12.2.1	PCI_DSS_v4.0_12.2.1	PCI DSS v4.0 12.2.1	Requirement 12: Support Information Security with Organizational Policies and Programs	Acceptable use policies for end-user technologies are defined and implemented	Shared	n/a	Acceptable use policies for end-user technologies are documented and implemented, including: • Explicit approval by authorized parties. • Acceptable uses of the technology. • List of products approved by the company for employee use, including hardware and software.	link	4

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
FedRAMP High	d5264498-16f4-418a-b659-fa7ef418175f	Regulatory Compliance	GA	BuiltIn
FedRAMP Moderate	e95f5a9f-57ad-4d03-bb0b-b1d16db93693	Regulatory Compliance	GA	BuiltIn
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA	BuiltIn
ISO 27001:2013	89c6cddc-1c73-4ac1-b19c-54d1a15a42f2	Regulatory Compliance	GA	BuiltIn
NIST SP 800-53 Rev. 4	cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f	Regulatory Compliance	GA	BuiltIn
NIST SP 800-53 Rev. 5	179d1daa-458f-4e47-8086-2a68d0d6c38f	Regulatory Compliance	GA	BuiltIn
PCI DSS v4	c676748e-3af9-4e22-bc28-50feed564afb	Regulatory Compliance	GA	BuiltIn
Spain ENS	175daf90-21e1-4fec-b745-7b4c909aa94c	Regulatory Compliance	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40	add	725164e5-3b21-1ec2-7e42-14f077862841

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC