AzPolicyAdvertizer

last sync: 2025-Sep-22 17:23:02 UTC

Implement Incident handling capability | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Implement Incident handling capability
Id 98e33927-8d7f-6d5f-44f5-2469b40b7215
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1367 - Implement Incident handling capability
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Additional metadata Name/Id: CMA_C1367 / CMA_C1367
Category: Operational
Title: Implement Incident handling capability
Ownership: Customer
Description: The customer is responsible for implementing an incident handling capability for insider threats.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Compliance
The following 8 compliance controls are associated with this Policy definition 'Implement Incident handling capability' (98e33927-8d7f-6d5f-44f5-2469b40b7215)
Rows: 1-8 / 8

Columns:

Close

Columns▼Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 IR-4(6) FedRAMP_High_R4_IR-4(6) FedRAMP High IR-4 (6) Incident Response Insider Threats - Specific Capabilities Shared n/a The organization implements incident handling capability for insider threats. Supplemental Guidance: While many organizations address insider threat incidents as an inherent part of their organizational incident response capability, this control enhancement provides additional emphasis on this type of threat and the need for specific incident handling capabilities (as defined within organizations) to provide appropriate and timely responses. link 1
hipaa 1503.02f2Organizational.12-02.f hipaa-1503.02f2Organizational.12-02.f 1503.02f2Organizational.12-02.f 15 Incident Management 1503.02f2Organizational.12-02.f 02.03 During Employment Shared n/a A contact in HR is appointed to handle employee security incidents and notify the CISO or a designated representative of the application of a formal employee sanctions process, identifying the individual and the reason for the sanction. 11
hipaa 1507.11a1Organizational.4-11.a hipaa-1507.11a1Organizational.4-11.a 1507.11a1Organizational.4-11.a 15 Incident Management 1507.11a1Organizational.4-11.a 11.01 Reporting Information Security Incidents and Weaknesses Shared n/a The organization has implemented an insider threat program that includes a cross-discipline insider threat incident handling team. 3
hipaa 1521.11c2Organizational.56-11.c hipaa-1521.11c2Organizational.56-11.c 1521.11c2Organizational.56-11.c 15 Incident Management 1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements Shared n/a Testing exercises are planned, coordinated, executed, and documented periodically, at least annually, using reviews, analyses, and simulations to determine incident response effectiveness. Testing includes personnel associated with the incident handling team to ensure that they understand current threats and risks, as well as their responsibilities in supporting the incident handling team. 16
hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 15 Incident Management 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses Shared n/a The organization takes disciplinary action against workforce members that fail to cooperate with federal and state investigations. 6
NIST_SP_800-53_R4 IR-4(6) NIST_SP_800-53_R4_IR-4(6) NIST SP 800-53 Rev. 4 IR-4 (6) Incident Response Insider Threats - Specific Capabilities Shared n/a The organization implements incident handling capability for insider threats. Supplemental Guidance: While many organizations address insider threat incidents as an inherent part of their organizational incident response capability, this control enhancement provides additional emphasis on this type of threat and the need for specific incident handling capabilities (as defined within organizations) to provide appropriate and timely responses. link 1
NIST_SP_800-53_R5 IR-4(6) NIST_SP_800-53_R5_IR-4(6) NIST SP 800-53 Rev. 5 IR-4 (6) Incident Response Insider Threats Shared n/a Implement an incident handling capability for incidents involving insider threats. link 1
op.exp.7 Incident management op.exp.7 Incident management 404 not found n/a n/a 103
Initiatives usage
Rows: 1-5 / 5
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn true
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn unknown
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn true
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn true
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 98e33927-8d7f-6d5f-44f5-2469b40b7215
JSON compare
compare mode: version left: version right:
1.0.0 → 1.1.0 RENAMED
@@ -3,9 +3,9 @@
3
  "policyType": "BuiltIn",
4
  "mode": "All",
5
  "description": "CMA_C1367 - Implement Incident handling capability",
6
  "metadata": {
7
- "version": "1.0.0",
8
  "category": "Regulatory Compliance",
9
  "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1367"
10
  },
11
  "parameters": {
@@ -29,9 +29,9 @@
29
  },
30
  "then": {
31
  "effect": "[parameters('effect')]",
32
  "details": {
33
- "defaultState": "NonCompliant"
34
  }
35
  }
36
  }
37
  }
 
3
  "policyType": "BuiltIn",
4
  "mode": "All",
5
  "description": "CMA_C1367 - Implement Incident handling capability",
6
  "metadata": {
7
+ "version": "1.1.0",
8
  "category": "Regulatory Compliance",
9
  "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1367"
10
  },
11
  "parameters": {
 
29
  },
30
  "then": {
31
  "effect": "[parameters('effect')]",
32
  "details": {
33
+ "defaultState": "Unknown"
34
  }
35
  }
36
  }
37
  }
JSON
api-version=2021-06-01
EPAC 
{7 items}