| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1550 - Vulnerability Scanning | ||
| Id | 902908fb-25a8-4225-a3a5-5603c80066c9 | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Risk Assessment control | ||
| Additional metadata |
Name/Id: ACF1550 / Microsoft Managed Control 1550 Category: Risk Assessment Title: Vulnerability Scanning - Share Vulnerability Information with Defined Personnel to Help Other Systems Ownership: Customer, Microsoft Description: The organization: Shares information obtained from the vulnerability scanning process and security control assessments with Microsoft Azure Security, Microsoft Azure Compliance, FedRAMP to help eliminate similar vulnerabilities in other information systems (i.e., systemic weaknesses or deficiencies). Requirements: The C+AI Vulnerability Management team regularly communicates relevant information obtained during the scanning process with the appropriate Microsoft’s Online Services personnel to eliminate duplicate efforts and to facilitate the remediation process. Reporting of security vulnerabilities is conducted via the vulnerability management and reporting tool and focused e-mails. The vulnerability management and reporting tool provides reports based on multiple criteria, including property, server and security flaws identified from the vulnerability scans and is accessible by Azure personnel at any time. E-mail communication from the Vulnerability Management team is used to notify asset owners in cases of elevated risk or when expedited action is necessary. In addition, Azure shares information obtained from the vulnerability scanning process and security control assessments with the ISSO/ISSM monthly via the Continuous Monitoring Reports and POA&M. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|