last sync: 2024-Jul-26 18:17:39 UTC

Track software license usage | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Track software license usage
Id: 77cc89bb-774f-48d7-8a84-fb8c322c3000
Version: 1.1.0
Category: Regulatory Compliance
Description: CMA_C1235 - Track software license usage
Additional metadata:
  Name/Id: CMA_C1235 / CMA_C1235
  Category: Operational
  Title: Track software license usage
  Ownership: Customer
  Description: The customer is responsible for tracking the use of software and associated documentation protected by quantity licenses.
  Requirements: The customer is responsible for implementing this recommendation.
Mode: All
Type: BuiltIn
Preview: False
Deprecated: False
Effect: Default: Manual; Allowed: Manual, Disabled
RBAC role(s): none
Rule aliases: none
Rule resource types: IF (1): Microsoft.Resources/subscriptions
Compliance
The following 11 compliance controls are associated with this Policy definition 'Track software license usage' (77cc89bb-774f-48d7-8a84-fb8c322c3000)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 CM-10 FedRAMP_High_R4_CM-10 FedRAMP High CM-10 Configuration Management Software Usage Restrictions Shared n/a The organization: a. Uses software and associated documentation in accordance with contract agreements and copyright laws; b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. Supplemental Guidance: Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs. Related controls: AC-17, CM-8, SC-7. References: None. link 4
FedRAMP_Moderate_R4 CM-10 FedRAMP_Moderate_R4_CM-10 FedRAMP Moderate CM-10 Configuration Management Software Usage Restrictions Shared n/a The organization: a. Uses software and associated documentation in accordance with contract agreements and copyright laws; b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. Supplemental Guidance: Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs. Related controls: AC-17, CM-8, SC-7. References: None. link 4
hipaa 0112.02d2Organizational.3-02.d hipaa-0112.02d2Organizational.3-02.d 0112.02d2Organizational.3-02.d 01 Information Protection Program 0112.02d2Organizational.3-02.d 02.03 During Employment Shared n/a Acceptable usage is defined and usage is explicitly authorized. 7
hipaa 0722.07a1Organizational.67-07.a hipaa-0722.07a1Organizational.67-07.a 0722.07a1Organizational.67-07.a 07 Vulnerability Management 0722.07a1Organizational.67-07.a 07.01 Responsibility for Assets Shared n/a If the organization assigns assets to contractors, it ensures that the procedures for assigning and monitoring the use of the property are included in the contract; and, if assigned to volunteer workers, there is a written agreement specifying how and when the property will be inventoried and how it will be returned upon completion of the volunteer assignment. 3
ISO27001-2013 A.18.1.2 ISO27001-2013_A.18.1.2 ISO 27001:2013 A.18.1.2 Compliance Intellectual property rights Shared n/a Appropriate procedures shall be implemented to ensure compliance with legislative, regulatory, and contractual requirements related to intellectual property rights and use of proprietary software products. link 2
NIST_SP_800-53_R4 CM-10 NIST_SP_800-53_R4_CM-10 NIST SP 800-53 Rev. 4 CM-10 Configuration Management Software Usage Restrictions Shared n/a The organization: a. Uses software and associated documentation in accordance with contract agreements and copyright laws; b. Tracks the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Controls and documents the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. Supplemental Guidance: Software license tracking can be accomplished by manual methods (e.g., simple spreadsheets) or automated methods (e.g., specialized tracking applications) depending on organizational needs. Related controls: AC-17, CM-8, SC-7. References: None. link 4
NIST_SP_800-53_R5 CM-10 NIST_SP_800-53_R5_CM-10 NIST SP 800-53 Rev. 5 CM-10 Configuration Management Software Usage Restrictions Shared n/a a. Use software and associated documentation in accordance with contract agreements and copyright laws; b. Track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and c. Control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. link 4
op.exp.2 Security configuration op.exp.2 Security configuration 404 not found n/a n/a 112
op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found n/a n/a 123
org.1 Security policy org.1 Security policy 404 not found n/a n/a 94
PCI_DSS_v4.0 12.2.1 PCI_DSS_v4.0_12.2.1 PCI DSS v4.0 12.2.1 Requirement 12: Support Information Security with Organizational Policies and Programs Acceptable use policies for end-user technologies are defined and implemented Shared n/a Acceptable use policies for end-user technologies are documented and implemented, including: • Explicit approval by authorized parties. • Acceptable uses of the technology. • List of products approved by the company for employee use, including hardware and software. link 4
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 77cc89bb-774f-48d7-8a84-fb8c322c3000