last sync: 2024-Jun-13 18:14:14 UTC

Establish relationship between incident response capability and external providers | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Establish relationship between incident response capability and external providers
Id b470a37a-7a47-3792-34dd-7a793140702e
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1376 - Establish relationship between incident response capability and external providers
Additional metadata Name/Id: CMA_C1376 / CMA_C1376
Category: Operational
Title: Establish relationship between incident response capability and external providers
Ownership: Customer
Description: The customer is responsible for establishing relationships between its incident response capability and external providers. Note: it is the customer's responsibility to provide accurate and current contact information to Microsoft Azure in order to receive notifications of security incidents involving the potential breach of customer data.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 10 compliance controls are associated with this Policy definition 'Establish relationship between incident response capability and external providers' (b470a37a-7a47-3792-34dd-7a793140702e)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 IR-7(2) FedRAMP_High_R4_IR-7(2) FedRAMP High IR-7 (2) Incident Response Coordination With External Providers Shared n/a The organization: (a) Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (b) Identifies organizational incident response team members to the external providers. Supplemental Guidance: External providers of information system protection capability include, for example, the Computer Network Defense program within the U.S. Department of Defense. External providers help to protect, monitor, analyze, detect, and respond to unauthorized activity within organizational information systems and networks. link 2
FedRAMP_Moderate_R4 IR-7(2) FedRAMP_Moderate_R4_IR-7(2) FedRAMP Moderate IR-7 (2) Incident Response Coordination With External Providers Shared n/a The organization: (a) Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (b) Identifies organizational incident response team members to the external providers. Supplemental Guidance: External providers of information system protection capability include, for example, the Computer Network Defense program within the U.S. Department of Defense. External providers help to protect, monitor, analyze, detect, and respond to unauthorized activity within organizational information systems and networks. link 2
hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 15 Incident Management 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements Shared n/a Management approves the use of information assets and takes appropriate action when unauthorized activity occurs. 16
hipaa 1505.11a1Organizational.13-11.a hipaa-1505.11a1Organizational.13-11.a 1505.11a1Organizational.13-11.a 15 Incident Management 1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses Shared n/a A formal security incident response program has been established to respond, report (without fear of repercussion), escalate and treat breaches and reported security events or incidents. Organization-wide standards are specified for the time required for system administrators and other personnel to report anomalous events to the incident handling team, the mechanisms for such reporting, and the kind of information that should be included in the incident notification. This reporting includes notifying internal and external stakeholders, the appropriate community Computer Emergency Response Team, and law enforcement agencies in accordance with all legal or regulatory requirements for involving such organizations in computer incidents. 19
hipaa 1523.11c3Organizational.24-11.c hipaa-1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 15 Incident Management 1523.11c3Organizational.24-11.c 11.02 Management of Information Security Incidents and Improvements Shared n/a Incidents are promptly reported to the appropriate authorities and outside parties (e.g., FedCIRC, CERT/CC). 4
NIST_SP_800-53_R4 IR-7(2) NIST_SP_800-53_R4_IR-7(2) NIST SP 800-53 Rev. 4 IR-7 (2) Incident Response Coordination With External Providers Shared n/a The organization: (a) Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (b) Identifies organizational incident response team members to the external providers. Supplemental Guidance: External providers of information system protection capability include, for example, the Computer Network Defense program within the U.S. Department of Defense. External providers help to protect, monitor, analyze, detect, and respond to unauthorized activity within organizational information systems and networks. link 2
NIST_SP_800-53_R5 IR-7(2) NIST_SP_800-53_R5_IR-7(2) NIST SP 800-53 Rev. 5 IR-7 (2) Incident Response Coordination with External Providers Shared n/a (a) Establish a direct, cooperative relationship between its incident response capability and external providers of system protection capability; and (b) Identify organizational incident response team members to the external providers. link 2
op.exp.7 Incident management op.exp.7 Incident management 404 not found n/a n/a 103
SWIFT_CSCF_v2022 11.4 SWIFT_CSCF_v2022_11.4 SWIFT CSCF v2022 11.4 11. Monitor in case of Major Disaster Ensure an adequate escalation of operational malfunctions in case of customer impact. Shared n/a Ensure an adequate escalation of operational malfunctions in case of customer impact. link 14
SWIFT_CSCF_v2022 11.5 SWIFT_CSCF_v2022_11.5 SWIFT CSCF v2022 11.5 11. Monitor in case of Major Disaster Effective support is offered to customers in case they face problems during their business hours. Shared n/a Effective support is offered to customers in case they face problems during their business hours. link 10
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add b470a37a-7a47-3792-34dd-7a793140702e
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC