last sync: 2024-Jun-13 18:14:14 UTC

Publish rules and regulations accessing Privacy Act records | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Publish rules and regulations accessing Privacy Act records
Id ad1d562b-a04b-15d3-6770-ed310b601cb5
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1847 - Publish rules and regulations accessing Privacy Act records
Additional metadata Name/Id: CMA_C1847 / CMA_C1847
Category: Operational
Title: Publish rules and regulations accessing Privacy Act records
Ownership: Customer
Description: The customer is responsible for publishing rules and regulations governing how individuals may request access to records maintained in a Privacy Act system of records.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 3 compliance controls are associated with this Policy definition 'Publish rules and regulations accessing Privacy Act records' (ad1d562b-a04b-15d3-6770-ed310b601cb5)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Operations Security Event Logging Shared n/a Event logs recording user activities, exceptions, faults and information security events shall be produced, kept and regularly reviewed. link 53
op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found n/a n/a 67
SOC_2 P5.1 SOC_2_P5.1 SOC 2 Type 2 P5.1 Additional Criteria For Privacy Personal information access Shared The customer is responsible for implementing this recommendation. • Authenticates Data Subjects’ Identity — The identity of data subjects who request access to their personal information is authenticated before they are given access to that information. • Permits Data Subjects Access to Their Personal Information — Data subjects are able to determine whether the entity maintains personal information about them and, upon request, may obtain access to their personal information. • Provides Understandable Personal Information Within Reasonable Time — Personal information is provided to data subjects in an understandable form, in a reasonable time frame, and at a reasonable cost, if any. • Informs Data Subjects If Access Is Denied — When data subjects are denied access to their personal information, the entity informs them of the denial and the reason for the denial in a timely manner, unless prohibited by law or regulation. 2
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add ad1d562b-a04b-15d3-6770-ed310b601cb5
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC