last sync: 2024-Apr-19 17:43:58 UTC

Require compliance with intellectual property rights | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Require compliance with intellectual property rights
Id 725164e5-3b21-1ec2-7e42-14f077862841
Version 1.1.0
Category Regulatory Compliance
Description CMA_0432 - Require compliance with intellectual property rights
Additional metadata Name/Id: CMA_0432 / CMA_0432
Category: Operational
Title: Require compliance with intellectual property rights
Ownership: Customer
Description: Microsoft recommends that your organization develop and implement procedures to comply with legislative, regulatory, and contractual requirements related to intellectual property rights and the use of proprietary software products or copyrighted material. It is recommended to identify cloud-specific licensing requirements before permitting licensed software to be installed in a cloud service. Your organization should consider documenting and implementing processes to ensure compliance with trade secret requirements based on the terms of the contract that dictate trade secret ownership. Prior to granting licenses to leverage the trade secret, it is recommended that your organization identify licensing requirements (e.g. territory, term, contents, methods of use or other matters in connection with the license). Microsoft recommends that your organization document procedures that prohibit unlawful misappropriation, disclosure, or use of trade secrets if the secrets are unlawfully acquired, used, or disclosed. It is recommended that your organization require personnel to perform the following activities:
- Assume there is always copyright with external information and/or material
- Look for an explicit statement confirming that the material is for public use
- Get consent from the information owner if original material needs to be used
- Read the terms and conditions for material that is not your Intellectual Property (IP); and
- Understand the nuances of fair use.
We also recommend that your organization indicate the source of information when quotations for digital media are allowed. Your organization is recommended to establish a process for receiving requests related to the removal of copyrighted content from public locations, such as on the Internet. It is recommended to remove and restrict access to illegally placed content within the timeframe determined by applicable regulations.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect
Default: Manual
Allowed: Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 8 compliance controls are associated with this Policy definition 'Require compliance with intellectual property rights' (725164e5-3b21-1ec2-7e42-14f077862841)
Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy#
FedRAMP_High_R4 | CM-10 | FedRAMP_High_R4_CM-10 | FedRAMP High CM-10 | Configuration Management | Software Usage Restrictions | Shared | n/a | The organization: a. Uses software and associated documentation in accordance with contract agreements and copyright laws; b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. Supplemental Guidance: Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs. Related controls: AC-17, CM-8, SC-7. References: None. | link | 4
FedRAMP_Moderate_R4 | CM-10 | FedRAMP_Moderate_R4_CM-10 | FedRAMP Moderate CM-10 | Configuration Management | Software Usage Restrictions | Shared | n/a | The organization: a. Uses software and associated documentation in accordance with contract agreements and copyright laws; b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. Supplemental Guidance: Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs. Related controls: AC-17, CM-8, SC-7. References: None. | link | 4
hipaa | 0112.02d2Organizational.3-02.d | hipaa-0112.02d2Organizational.3-02.d | 0112.02d2Organizational.3-02.d | 01 Information Protection Program | 0112.02d2Organizational.3-02.d 02.03 During Employment | Shared | n/a | Acceptable usage is defined and usage is explicitly authorized. | | 7
hipaa | 0722.07a1Organizational.67-07.a | hipaa-0722.07a1Organizational.67-07.a | 0722.07a1Organizational.67-07.a | 07 Vulnerability Management | 0722.07a1Organizational.67-07.a 07.01 Responsibility for Assets | Shared | n/a | If the organization assigns assets to contractors, it ensures that the procedures for assigning and monitoring the use of the property are included in the contract; and, if assigned to volunteer workers, there is a written agreement specifying how and when the property will be inventoried and how it will be returned upon completion of the volunteer assignment. | | 3
ISO27001-2013 | A.18.1.2 | ISO27001-2013_A.18.1.2 | ISO 27001:2013 A.18.1.2 | Compliance | Intellectual property rights | Shared | n/a | Appropriate procedures shall be implemented to ensure compliance with legislative, regulatory, and contractual requirements related to intellectual property rights and use of proprietary software products. | link | 2
NIST_SP_800-53_R4 | CM-10 | NIST_SP_800-53_R4_CM-10 | NIST SP 800-53 Rev. 4 CM-10 | Configuration Management | Software Usage Restrictions | Shared | n/a | The organization: a. Uses software and associated documentation in accordance with contract agreements and copyright laws; b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. Supplemental Guidance: Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs. Related controls: AC-17, CM-8, SC-7. References: None. | link | 4
NIST_SP_800-53_R5 | CM-10 | NIST_SP_800-53_R5_CM-10 | NIST SP 800-53 Rev. 5 CM-10 | Configuration Management | Software Usage Restrictions | Shared | n/a | a. Use software and associated documentation in accordance with contract agreements and copyright laws; b. Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. | link | 4
PCI_DSS_v4.0 | 12.2.1 | PCI_DSS_v4.0_12.2.1 | PCI DSS v4.0 12.2.1 | Requirement 12: Support Information Security with Organizational Policies and Programs | Acceptable use policies for end-user technologies are defined and implemented | Shared | n/a | Acceptable use policies for end-user technologies are documented and implemented, including: • Explicit approval by authorized parties. • Acceptable uses of the technology. • List of products approved by the company for employee use, including hardware and software. | link | 4
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
FedRAMP High | d5264498-16f4-418a-b659-fa7ef418175f | Regulatory Compliance | GA | BuiltIn
FedRAMP Moderate | e95f5a9f-57ad-4d03-bb0b-b1d16db93693 | Regulatory Compliance | GA | BuiltIn
HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn
ISO 27001:2013 | 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 | Regulatory Compliance | GA | BuiltIn
NIST SP 800-53 Rev. 4 | cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f | Regulatory Compliance | GA | BuiltIn
NIST SP 800-53 Rev. 5 | 179d1daa-458f-4e47-8086-2a68d0d6c38f | Regulatory Compliance | GA | BuiltIn
PCI DSS v4 | c676748e-3af9-4e22-bc28-50feed564afb | Regulatory Compliance | GA | BuiltIn
History
Date/Time (UTC ymd) | Change type | Change detail
2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 | add | 725164e5-3b21-1ec2-7e42-14f077862841