AzPolicyAdvertizer

last sync: 2025-Mar-23 22:31:17 UTC

Establish information security workforce development and improvement program | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source Azure Portal
Display name Establish information security workforce development and improvement program
Id b544f797-a73b-1be3-6d01-6b1a085376bc
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1752 - Establish information security workforce development and improvement program
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Additional metadata Name/Id: CMA_C1752 / CMA_C1752
Category: Documentation
Title: Establish information security workforce development and improvement program
Ownership: Customer
Description: The customer is responsible for establishing an information security workforce development and improvement program.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 14 compliance controls are associated with this Policy definition 'Establish information security workforce development and improvement program' (b544f797-a73b-1be3-6d01-6b1a085376bc)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
hipaa 0107.02d1Organizational.1-02.d hipaa-0107.02d1Organizational.1-02.d 0107.02d1Organizational.1-02.d 01 Information Protection Program 0107.02d1Organizational.1-02.d 02.03 During Employment Shared n/a The organization has an information security workforce improvement program. 1
hipaa 0110.02d2Organizational.1-02.d hipaa-0110.02d2Organizational.1-02.d 0110.02d2Organizational.1-02.d 01 Information Protection Program 0110.02d2Organizational.1-02.d 02.03 During Employment Shared n/a An individual or dedicated team is assigned to manage the information security of the organization's users. 2
hipaa 0118.05a1Organizational.2-05.a hipaa-0118.05a1Organizational.2-05.a 0118.05a1Organizational.2-05.a 01 Information Protection Program 0118.05a1Organizational.2-05.a 05.01 Internal Organization Shared n/a Senior management assigns an individual or group to ensure the effectiveness of the information protection program through program oversight; establish and communicate the organization's priorities for organizational mission, objectives, and activities; review and update of the organization's security plan; ensure compliance with the security plan by the workforce; and evaluate and accept security risks on behalf of the organization. 8
hipaa 0135.02f1Organizational.56-02.f hipaa-0135.02f1Organizational.56-02.f 0135.02f1Organizational.56-02.f 01 Information Protection Program 0135.02f1Organizational.56-02.f 02.03 During Employment Shared n/a The organization employs a formal sanctions process for personnel failing to comply with established information security policies and procedures, and notifies defined personnel (e.g., supervisors) within a defined time frame (e.g., 24 hours) when a formal sanction process is initiated, identifying the individual sanctioned and the reason for the sanction. Further, the organization includes specific procedures for license, registration, and certification denial or revocation and other disciplinary action. 4
hipaa 1525.11a1Organizational.6-11.a hipaa-1525.11a1Organizational.6-11.a 1525.11a1Organizational.6-11.a 15 Incident Management 1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses Shared n/a The organization takes disciplinary action against workforce members that fail to cooperate with federal and state investigations. 6
ISO27001-2013 A.7.2.2 ISO27001-2013_A.7.2.2 ISO 27001:2013 A.7.2.2 Human Resources Security Information security awareness, education and training Shared n/a All employees of the organization and, where relevant, contractors shall receive appropriate awareness training and regular updates in organizational policies and procedures, as relevant for their job function. link 15
mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found n/a n/a 71
mp.per.1 Job characterization mp.per.1 Job characterization 404 not found n/a n/a 41
mp.per.3 Awareness mp.per.3 Awareness 404 not found n/a n/a 15
mp.per.4 Training mp.per.4 Training 404 not found n/a n/a 14
mp.s.1 E-mail protection mp.s.1 E-mail protection 404 not found n/a n/a 48
mp.s.3 Protection of web browsing mp.s.3 Protection of web browsing 404 not found n/a n/a 51
mp.si.3 Custody mp.si.3 Custody 404 not found n/a n/a 27
PCI_DSS_v4.0 12.6.1 PCI_DSS_v4.0_12.6.1 PCI DSS v4.0 12.6.1 Requirement 12: Support Information Security with Organizational Policies and Programs Security awareness education is an ongoing activity Shared n/a A formal security awareness program is implemented to make all personnel aware of the entity’s information security policy and procedures, and their role in protecting the cardholder data. link 2
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn unknown
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn true
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn true
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add b544f797-a73b-1be3-6d01-6b1a085376bc
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC