last sync: 2024-Apr-24 17:46:58 UTC

Microsoft Managed Control 1371 - Incident Reporting | Regulatory Compliance - Incident Response

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1371 - Incident Reporting
Id 9447f354-2c85-4700-93b3-ecdc6cb6a417
Version 1.0.0
Category Regulatory Compliance
Description Microsoft implements this Incident Response control
Additional metadata Name/Id: ACF1371 / Microsoft Managed Control 1371
Category: Incident Response
Title: Incident Reporting - Required Timeframe
Ownership: Customer, Microsoft
Description: The organization: Requires personnel to report suspected security incidents to the organizational incident response capability within US-CERT incident categorization and reporting timelines as specified in NIST SP800-61 (as amended); and
Requirements: All Microsoft personnel are required to immediately report events when they believe that a security incident has occurred. Examples of such events include, but are not limited to:
* Alerts, notifications, error messages, or other automated warnings that indicate a security incident may have occurred.
* Reports of security incidents received from external parties, including customers, members of the press, or the general public.
* Personal observations of anomalies or unexpected events that might indicate a security incident has occurred.
* Indication of virus, malicious software or hacker activity.
Personnel can report incidents by manually entering event-related data directly into the incident management ticketing system, which is classified in accordance with NIST SP 800-61 standards based on the Classification, Escalation, and Notification (CEN) Matrix and escalated, or by sending email to cdoc@microsoft.com. Tickets are routed automatically to the Security Response Team.
Any incident that involves the breach of personal information (PII or above) also requires a notification to the Security team at alias cdoc@microsoft.com. Security then loops in the dedicated Privacy team if needed. Incidents that involve the exposure of information covered by Privacy Policy necessitate the involvement of the Privacy team.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed: audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a