AzPolicyAdvertizer

last sync: 2025-Jul-03 17:22:55 UTC

Microsoft Managed Control 1807 - Governance And Privacy Program | Regulatory Compliance - Accountability, Audit, and Risk Management

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Microsoft Managed Control 1807 - Governance And Privacy Program

7cb8a3d2-a208-4b6f-95e8-e8f0bb85a7a6

Version

1.0.0
Details on versioning

Versioning

Versions supported for Versioning: 0
Built-in Versioning [Preview]

Category

Regulatory Compliance
Microsoft Learn

Description

Microsoft implements this Accountability, Audit, and Risk Management control

Cloud environments

AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown

Available in AzUSGov

The Policy is available in AzureUSGovernment cloud. Version: '1.0.0'
Repository: Azure-Policy 7cb8a3d2-a208-4b6f-95e8-e8f0bb85a7a6

Additional metadata

Name/Id: ACF1807 / Microsoft Managed Control 1807
Category: Accountability, Audit, and Risk Management
Title: Governance And Privacy Program - Privacy Plan Update Frequency
Ownership: Customer, Microsoft
Description: Updates privacy plan, policies, and procedures at least annually.
Requirements: The annual privacy review is conducted manually by the Privacy team. The Privacy Manager obtains a list of all PII information collected from the individual Azure service teams to ensure that only appropriate information is being collected and is in compliance with the Microsoft Privacy Standard, Privacy Policy, and the Azure Privacy Standard Operating Procedure (SOP).

Mode

Indexed

Type

Static

Preview

False

Deprecated

False

Effect

Fixed
audit

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (2)

Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups

Compliance

The following 2 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1807 - Governance And Privacy Program ' (7cb8a3d2-a208-4b6f-95e8-e8f0bb85a7a6)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
NIS2	ES._Endpoint_Security_6	NIS2_ES._Endpoint_Security_6	NIS2_ES._Endpoint_Security_6	ES. Endpoint Security	Policies and procedures to assess the efficacy of cybersecurity risk management measures	Customer	Alert personnel of information spillage	Entities should evaluate their own cybersecurity capabilities and, where appropriate, pursue the integration of cybersecurity enhancing technologies, such as artificial intelligence. For the purpose of demonstrating compliance with cybersecurity risk-management measures and in the absence of appropriate European cybersecurity certification schemes adopted in accordance with Regulation (EU) 2019/881 of the European Parliament and of the Council (18), Member States should, in consultation with the Cooperation Group and the European Cybersecurity Certification Group, promote the use of relevant European and international standards by essential and important entities or may require entities to use certified ICT products, ICT services and ICT processes.		17
	op.pl.1 Risk analysis	op.pl.1 Risk analysis	404 not found				n/a	n/a		70

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov
[Preview]: NIS2	32ff9e30-4725-4ca7-ba3a-904a7721ee87	Regulatory Compliance	Preview	BuiltIn	unknown
Spain ENS	175daf90-21e1-4fec-b745-7b4c909aa94c	Regulatory Compliance	GA	BuiltIn	unknown

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-04-01 20:29:14	add	7cb8a3d2-a208-4b6f-95e8-e8f0bb85a7a6

JSON compare

n/a

JSON

api-version=2021-06-01
EPAC