last sync: 2023-Sep-26 18:00:51 UTC

Azure Policy definition

Microsoft Managed Control 1703 - Security Alerts & Advisories | Regulatory Compliance - System and Information Integrity

Source Azure Portal
Display name Microsoft Managed Control 1703 - Security Alerts & Advisories
Id 804faf7d-b687-40f7-9f74-79e28adf4205
Version 1.0.1
details on versioning
Category Regulatory Compliance
Microsoft docs
Description Microsoft implements this System and Information Integrity control
Additional metadata Name/Id: ACF1703 / Microsoft Managed Control 1703
Category: System and Information Integrity
Title: Security Alerts, Advisories, And Directives - Alerts from External Organizations
Ownership: Customer, Microsoft
Description: The organization: Receives information system security alerts, advisories, and directives from including US-CERT on an ongoing basis;
Requirements: For all asset types, Azure receives information system security alerts, advisories, and directives from external vendors, parties providing software within the Azure environment, and external security organizations including US-CERT and other external parties performing independent vulnerability analysis. In addition, customers can report security incidents at any time through the Azure Management Portal or via a twenty-four (24) hours a day, seven (7) days a week dedicated phone line that is available. Internally, Microsoft’s Security Response Team notifies service teams of security incidents and the latest security patches for Microsoft’s software platforms. The Microsoft Security Response Center (MSRC) also publishes Security Bulletins and associated patches every month except when MSRC determines that an out-of-band patch is required for addressing zero-day vulnerabilities or escalations. Working with MSRC and Security Response Team, external parties such as regulators, law enforcement, ISPs, and other partners can identify security issues. Service teams also subscribe to service-specific alerts, advisories, and directives as needed. Azure is also made aware of any directives or advisories through the FedRAMP Program Management Office (PMO), the DISA/DoD authorizing officials, and other authorizing officials, which send email alerts to provide situational awareness and any actions that all CSPs must take.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance Not a Compliance control
Initiatives usage none
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 change Patch (1.0.0 > 1.0.1)
JSON compare
compare mode: version left: version right: