last sync: 2024-Apr-24 17:46:58 UTC

Publish rules and regulations accessing Privacy Act records | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source: Azure Portal
Display name: Publish rules and regulations accessing Privacy Act records
Id: ad1d562b-a04b-15d3-6770-ed310b601cb5
Version: 1.1.0
Category: Regulatory Compliance
Description: CMA_C1847 - Publish rules and regulations accessing Privacy Act records
Additional metadata:
  Name/Id: CMA_C1847 / CMA_C1847
  Category: Operational
  Title: Publish rules and regulations accessing Privacy Act records
  Ownership: Customer
  Description: The customer is responsible for publishing rules and regulations governing how individuals may request access to records maintained in a Privacy Act system of records.
  Requirements: The customer is responsible for implementing this recommendation.
Mode: All
Type: BuiltIn
Preview: False
Deprecated: False
Effect:
  Default: Manual
  Allowed: Manual, Disabled
RBAC role(s): none
Rule aliases: none
Rule resource types: IF (1): Microsoft.Resources/subscriptions
Compliance
The following 2 compliance controls are associated with this Policy definition 'Publish rules and regulations accessing Privacy Act records' (ad1d562b-a04b-15d3-6770-ed310b601cb5)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| ISO27001-2013 | A.12.4.1 | ISO27001-2013_A.12.4.1 | ISO 27001:2013 A.12.4.1 | Operations Security | Event Logging | Shared | n/a | Event logs recording user activities, exceptions, faults and information security events shall be produced, kept and regularly reviewed. | link | 53 |
| SOC_2 | P5.1 | SOC_2_P5.1 | SOC 2 Type 2 P5.1 | Additional Criteria For Privacy | Personal information access | Shared | The customer is responsible for implementing this recommendation. | • Authenticates Data Subjects’ Identity — The identity of data subjects who request access to their personal information is authenticated before they are given access to that information. • Permits Data Subjects Access to Their Personal Information — Data subjects are able to determine whether the entity maintains personal information about them and, upon request, may obtain access to their personal information. • Provides Understandable Personal Information Within Reasonable Time — Personal information is provided to data subjects in an understandable form, in a reasonable time frame, and at a reasonable cost, if any. • Informs Data Subjects If Access Is Denied — When data subjects are denied access to their personal information, the entity informs them of the denial and the reason for the denial in a timely manner, unless prohibited by law or regulation. | | 2 |
Initiatives usage
| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
|---|---|---|---|---|
| ISO 27001:2013 | 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 | Regulatory Compliance | GA | BuiltIn |
| SOC 2 Type 2 | 4054785f-702b-4a98-9215-009cbd58b141 | Regulatory Compliance | GA | BuiltIn |
History
| Date/Time (UTC ymd) | Change type | Change detail |
|---|---|---|
| 2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0) |
| 2022-09-13 16:35:29 | add | ad1d562b-a04b-15d3-6770-ed310b601cb5 |