last sync: 2025-Mar-14 18:30:15 UTC

Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information | Regulatory Compliance - Contingency Planning

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information
Id 87f7cd82-2e45-4d0f-9e2f-586b0962d142
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Contingency Planning control
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.0.0'
Repository: Azure-Policy 87f7cd82-2e45-4d0f-9e2f-586b0962d142
Additional metadata Name/Id: ACF1293 / Microsoft Managed Control 1293
Category: Contingency Planning
Title: Information System Backup | Separate Storage For Critical Information
Ownership: Customer, Microsoft
Description: The organization stores backup copies of All operating system and critical software code in a separate facility or in a fire-rated container that is not collocated with the operational system.
Requirements: All Azure server, network device, and service code is backed up in Azure DevOps. Multiple backups exist in geo-diverse locations. All Azure datacenters can be used as alternate processing sites, and each site has the necessary agreements in place to transfer and resume services logically without equipment transfer. Azure service teams determine recovery objectives following the Business Impact Analysis (BIA) process and services are designed and tested to meet objectives, following the Azure Business Continuity Management (BCM) process.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance
The following 6 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information' (87f7cd82-2e45-4d0f-9e2f-586b0962d142)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
NIS2 BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 NIS2_BR._Backup_and_Recovery_3 BR. Backup and Recovery Business continuity and crisis management n/a Directive (EU) 2016/1148 of the European Parliament and the Council (4) aimed to build cybersecurity capabilities across the Union, mitigate threats to network and information systems used to provide essential services in key sectors and ensure the continuity of such services when facing incidents, thus contributing to the Union’s security and to the effective functioning of its economy and society. 25
op.cont.1 Impact analysis op.cont.1 Impact analysis 404 not found n/a n/a 68
op.cont.2 Continuity plan op.cont.2 Continuity plan 404 not found n/a n/a 68
op.cont.3 Periodic tests op.cont.3 Periodic tests 404 not found n/a n/a 91
op.cont.4 Alternative means op.cont.4 Alternative means 404 not found n/a n/a 95
op.exp.3 Security configuration management op.exp.3 Security configuration management 404 not found n/a n/a 123
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: NIS2 32ff9e30-4725-4ca7-ba3a-904a7721ee87 Regulatory Compliance Preview BuiltIn unknown
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn unknown
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC