AzPolicyAdvertizer

last sync: 2025-Apr-25 19:39:43 UTC

Microsoft Managed Control 1093 - Role-Based Security Training | Regulatory Compliance - Awareness and Training

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1093 - Role-Based Security Training
Id 7a0bdeeb-15f4-47e8-a1da-9f769f845fdf
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Awareness and Training control
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.0.0'
Repository: Azure-Policy 7a0bdeeb-15f4-47e8-a1da-9f769f845fdf
Additional metadata Name/Id: ACF1093 / Microsoft Managed Control 1093
Category: Awareness and Training
Title: Role-Based Security Training - Before Access is Authorized
Ownership: Customer, Microsoft
Description: The organization provides role-based security training to personnel with assigned security roles and responsibilities: Before authorizing access to the information system or performing assigned duties;
Requirements: Microsoft C+AI training and awareness components are classified into one of two types: Role-Based and Required. Role-Based Training Role-Based training is mandatory security and awareness education that is deemed helpful in the facilitation of understanding security processes and procedures for a particular role an individual is placed in and is directly related to the job responsibilities of the individual. Role-Based training is offered to full-time personnel through the STRIKE program for engineering disciplines providing 200-400 level security training and best practices. Required Training Required training is mandatory security and awareness education that the Information Risk Management Council (IRMC) has specifically identified and defined as appropriate for Azure personnel based upon their organization. Required annual training includes Security Foundations for new hires and non-engineering FTEs and the STRIKE program for engineering FTEs.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance
The following 1 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1093 - Role-Based Security Training' (7a0bdeeb-15f4-47e8-a1da-9f769f845fdf)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
NIS2 Cybersecurity_training_7 NIS2_Cybersecurity_training_7 NIS2_Cybersecurity_training_7 Cybersecurity training Basic cybersecurity hygiene and training Customer, Microsoft Security Training Records - Documentation Essential and important entities should adopt a wide range of basic cyber hygiene practices, such as zero-trust principles, software updates, device configuration, network segmentation, identity and access management or user awareness, organise training for their staff and raise awareness concerning cyber threats, phishing or social engineering techniques. Cyber hygiene policies provide the foundations for protecting network and information system infrastructures, hardware, software and online application security, and business or end-user data upon which entities rely. Cyber hygiene policies comprising a common baseline set of practices, including software and hardware updates, password changes, the management of new installs, the limitation of administrator-level access accounts, and the backing-up of data, enable a proactive framework of preparedness and overall safety and security in the event of incidents or cyber threats. ENISA should monitor and analyse Member States’ cyber hygiene policies. 8
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: NIS2 32ff9e30-4725-4ca7-ba3a-904a7721ee87 Regulatory Compliance Preview BuiltIn unknown
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC