last sync: 2024-Apr-24 17:46:58 UTC

Publish SORNs for systems containing PII | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Publish SORNs for systems containing PII
Id: 898a5781-2254-5a37-34c7-d78ea7c20d55
Version: 1.1.0
Category: Regulatory Compliance
Description: CMA_C1862 - Publish SORNs for systems containing PII
Additional metadata:
  Name/Id: CMA_C1862 / CMA_C1862
  Category: Operational
  Title: Publish SORNs for systems containing PII
  Ownership: Customer
  Description: The customer is responsible for publishing System of Records Notices (SORNs) in the Federal Register, subject to required oversight processes, for systems containing personally identifiable information (PII).
  Requirements: The customer is responsible for implementing this recommendation.
Mode: All
Type: BuiltIn
Preview: False
Deprecated: False
Effect: Default: Manual; Allowed: Manual, Disabled
RBAC role(s): none
Rule aliases: none
Rule resource types: IF (1): Microsoft.Resources/subscriptions
Compliance
The following 3 compliance controls are associated with this Policy definition 'Publish SORNs for systems containing PII' (898a5781-2254-5a37-34c7-d78ea7c20d55)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| hipaa | 1906.06.c1Organizational.2-06.c | hipaa-1906.06.c1Organizational.2-06.c | 1906.06.c1Organizational.2-06.c | 19 Data Protection & Privacy | 1906.06.c1Organizational.2-06.c 06.01 Compliance with Legal Requirements | Shared | n/a | The organization documents compliance with the notice requirements by retaining copies of the notices issued by the organization for a period of six years and, if applicable, any written acknowledgements of receipt of the notice or documentation of good faith efforts to obtain such written acknowledgement. | | 4 |
| hipaa | 1907.06.c1Organizational.3-06.c | hipaa-1907.06.c1Organizational.3-06.c | 1907.06.c1Organizational.3-06.c | 19 Data Protection & Privacy | 1907.06.c1Organizational.3-06.c 06.01 Compliance with Legal Requirements | Shared | n/a | The organization documents restrictions in writing and formally maintains such writing, or an electronic copy of such writing, as an organizational record for a period of six years. | | 4 |
| hipaa | 1908.06.c1Organizational.4-06.c | hipaa-1908.06.c1Organizational.4-06.c | 1908.06.c1Organizational.4-06.c | 19 Data Protection & Privacy | 1908.06.c1Organizational.4-06.c 06.01 Compliance with Legal Requirements | Shared | n/a | The organization documents and maintains (i) designated record sets that are subject to access by individuals, and (ii) titles of the persons or office responsible for receiving and processing requests for access by individuals as organizational records for a period of six years. | | 11 |
Initiatives usage
| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
|---|---|---|---|---|
| HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn |
History
| Date/Time (UTC ymd) | Change type | Change detail |
|---|---|---|
| 2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0) |
| 2022-09-19 17:41:40 | add | 898a5781-2254-5a37-34c7-d78ea7c20d55 |