last sync: 2024-Jun-24 18:15:26 UTC

Use automated mechanisms for security alerts | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Use automated mechanisms for security alerts
Id b8689b2e-4308-a58b-a0b4-6f3343a000df
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1707 - Use automated mechanisms for security alerts
Additional metadata Name/Id: CMA_C1707 / CMA_C1707
Category: Operational
Title: Use automated mechanisms for security alerts
Ownership: Customer
Description: The customer is responsible for using automated mechanisms to make security alert and advisory information available throughout the organization.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 5 compliance controls are associated with this Policy definition 'Use automated mechanisms for security alerts' (b8689b2e-4308-a58b-a0b4-6f3343a000df)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 SI-5(1) FedRAMP_High_R4_SI-5(1) FedRAMP High SI-5 (1) System And Information Integrity Automated Alerts And Advisories Shared n/a The organization employs automated mechanisms to make security alert and advisory information available throughout the organization. Supplemental Guidance: The significant number of changes to organizational information systems and the environments in which those systems operate requires the dissemination of security-related information to a variety of organizational entities that have a direct interest in the success of organizational missions and business functions. Based on the information provided by the security alerts and advisories, changes may be required at one or more of the three tiers related to the management of information security risk including the governance level, mission/business process/enterprise architecture level, and the information system level. link 1
hipaa 1523.11c3Organizational.24-11.c hipaa-1523.11c3Organizational.24-11.c 1523.11c3Organizational.24-11.c 15 Incident Management 1523.11c3Organizational.24-11.c 11.02 Management of Information Security Incidents and Improvements Shared n/a Incidents are promptly reported to the appropriate authorities and outside parties (e.g., FedCIRC, CERT/CC). 4
NIST_SP_800-53_R4 SI-5(1) NIST_SP_800-53_R4_SI-5(1) NIST SP 800-53 Rev. 4 SI-5 (1) System And Information Integrity Automated Alerts And Advisories Shared n/a The organization employs automated mechanisms to make security alert and advisory information available throughout the organization. Supplemental Guidance: The significant number of changes to organizational information systems and the environments in which those systems operate requires the dissemination of security-related information to a variety of organizational entities that have a direct interest in the success of organizational missions and business functions. Based on the information provided by the security alerts and advisories, changes may be required at one or more of the three tiers related to the management of information security risk including the governance level, mission/business process/enterprise architecture level, and the information system level. link 1
NIST_SP_800-53_R5 SI-5(1) NIST_SP_800-53_R5_SI-5(1) NIST SP 800-53 Rev. 5 SI-5 (1) System and Information Integrity Automated Alerts and Advisories Shared n/a Broadcast security alert and advisory information throughout the organization using [Assignment: organization-defined automated mechanisms]. link 1
SWIFT_CSCF_v2022 2.2 SWIFT_CSCF_v2022_2.2 SWIFT CSCF v2022 2.2 2. Reduce Attack Surface and Vulnerabilities Minimise the occurrence of known technical vulnerabilities on operator PCs and within the local SWIFT infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk. Shared n/a All hardware and software inside the secure zone and on operator PCs are within the support life cycle of the vendor, have been upgraded with mandatory software updates, and have had security updates promptly applied. link 11
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add b8689b2e-4308-a58b-a0b4-6f3343a000df
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC