AzPolicyAdvertizer

last sync: 2023-Jun-02 17:44:47 UTC

Azure Policy definition

Develop and document a DDoS response plan

Name

Develop and document a DDoS response plan
Azure Portal

Id

b7306e73-0494-83a2-31f5-280e934a8f70

Version

1.1.0
details on versioning

Category

Regulatory Compliance
Microsoft docs

Description

CMA_0147 - Develop and document a DDoS response plan

Mode

All

Type

BuiltIn

Preview

FALSE

Deprecated

FALSE

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC
Role(s)

none

Rule
Aliases

Rule
ResourceTypes

IF (1)
Microsoft.Resources/subscriptions

Compliance

The following 4 compliance controls are associated with this Policy definition 'Develop and document a DDoS response plan' (b7306e73-0494-83a2-31f5-280e934a8f70)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
FedRAMP_High_R4	SC-5	FedRAMP_High_R4_SC-5	FedRAMP High SC-5	System And Communications Protection	Denial Of Service Protection	Shared	n/a	The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or reference to source for such information] by employing [Assignment: organization-defined security safeguards]. Supplemental Guidance: A variety of technologies exist to limit, or in some cases, eliminate the effects of denial of service attacks. For example, boundary protection devices can filter certain types of packets to protect information system components on internal organizational networks from being directly affected by denial of service attacks. Employing increased capacity and bandwidth combined with service redundancy may also reduce the susceptibility to denial of service attacks. Related controls: SC-6, SC-7. References: None.	link	5
FedRAMP_Moderate_R4	SC-5	FedRAMP_Moderate_R4_SC-5	FedRAMP Moderate SC-5	System And Communications Protection	Denial Of Service Protection	Shared	n/a	The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or reference to source for such information] by employing [Assignment: organization-defined security safeguards]. Supplemental Guidance: A variety of technologies exist to limit, or in some cases, eliminate the effects of denial of service attacks. For example, boundary protection devices can filter certain types of packets to protect information system components on internal organizational networks from being directly affected by denial of service attacks. Employing increased capacity and bandwidth combined with service redundancy may also reduce the susceptibility to denial of service attacks. Related controls: SC-6, SC-7. References: None.	link	5
NIST_SP_800-53_R4	SC-5	NIST_SP_800-53_R4_SC-5	NIST SP 800-53 Rev. 4 SC-5	System And Communications Protection	Denial Of Service Protection	Shared	n/a	The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or reference to source for such information] by employing [Assignment: organization-defined security safeguards]. Supplemental Guidance: A variety of technologies exist to limit, or in some cases, eliminate the effects of denial of service attacks. For example, boundary protection devices can filter certain types of packets to protect information system components on internal organizational networks from being directly affected by denial of service attacks. Employing increased capacity and bandwidth combined with service redundancy may also reduce the susceptibility to denial of service attacks. Related controls: SC-6, SC-7. References: None.	link	5
NIST_SP_800-53_R5	SC-5	NIST_SP_800-53_R5_SC-5	NIST SP 800-53 Rev. 5 SC-5	System and Communications Protection	Denial-of-service Protection	Shared	n/a	a. [Selection: Protect against;Limit] the effects of the following types of denial-of-service events: [Assignment: organization-defined types of denial-of-service events]; and b. Employ the following controls to achieve the denial-of-service objective: [Assignment: organization-defined controls by type of denial-of-service event].	link	5

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40	add	b7306e73-0494-83a2-31f5-280e934a8f70

Initiatives
usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
FedRAMP High	d5264498-16f4-418a-b659-fa7ef418175f	Regulatory Compliance	GA	BuiltIn
FedRAMP Moderate	e95f5a9f-57ad-4d03-bb0b-b1d16db93693	Regulatory Compliance	GA	BuiltIn
NIST SP 800-53 Rev. 4	cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f	Regulatory Compliance	GA	BuiltIn
NIST SP 800-53 Rev. 5	179d1daa-458f-4e47-8086-2a68d0d6c38f	Regulatory Compliance	GA	BuiltIn

JSON