AzPolicyAdvertizer

last sync: 2025-Apr-29 17:16:02 UTC

Microsoft Managed Control 1351 - Incident Response Policy And Procedures | Regulatory Compliance - Incident Response

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1351 - Incident Response Policy And Procedures
Id bcfb6683-05e5-4ce6-9723-c3fbe9896bdd
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Incident Response control
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.0.0'
Repository: Azure-Policy bcfb6683-05e5-4ce6-9723-c3fbe9896bdd
Additional metadata Name/Id: ACF1351 / Microsoft Managed Control 1351
Category: Incident Response
Title: Incident Response Policy And Procedures - Creating Policy And Procedures
Ownership: Customer, Microsoft
Description: The organization: Develops, documents, and disseminates to personnel with incident response roles and responsibilities: An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Procedures to facilitate the implementation of the incident response policy and associated incident response controls; and
Requirements: Azure addresses the incident management policy as part of the Microsoft security policies, of which there are two sets: the Microsoft Security Policy (MSP) that is applicable to all personnel, and the Microsoft Security Program Policy (MSPP), which is applicable to all personnel that have a responsibility for security. The Microsoft Information Risk Management Council (IRMC) is the governance body with review and approval responsibility for the MSP and MSPP. Within Azure, the MSPP specifically applies to all personnel involved in designing, building, and operating Azure and across all information and processes used in the conduct of Microsoft business. All Azure personnel are accountable and responsible for complying with these guiding principles within their designated roles. The policy addresses the following: * Incident management * Procedures and training * Incident evidence * Incident management capabilities Additionally, the policy addresses the purpose, scope, roles, responsibilities, compliance requirements, and required coordination among the various Microsoft organizations that provide some level of support to all services. The policies indicate Microsoft management’s commitment and are a component of the risk management strategy which provides Azure personnel with a current set of clear and concise information security requirements. All information gathered during incident remediation activities is to be treated as Microsoft Confidential Information. The Microsoft Cloud and Artificial Intelligence Incident Management SOP implements the incident management policy and associated controls and documents the following procedures: * Notification processes * Security incident data collection and analysis processes * A security incident documentation template and repository * An internal and external communication plan * Recovery procedures for system failures, data corruption, loss or denial of service, and total service compromise incidents * A process for post-mortem analysis The MSP is available to all Microsoft personnel on the Microsoft Policy website on the Microsoft intranet, and the MSPP and Security Standards are available through the Liquid tool, also on the Microsoft intranet. The Azure SOPs are stored in the Azure Security, Privacy & Compliance SharePoint site. This SharePoint site is accessible to all Azure personnel. Service teams may supplement the Azure policies and procedures with offering-specific policies and procedures. Service-team-specific policies and procedures associated with incident management are documented and stored within internal Azure SharePoint sites. Only personnel with authorized credentials, adequate levels of permission, legitimate need to know, and specific roles and responsibilities are given access to the service-team-specific policies or procedures.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance
The following 2 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1351 - Incident Response Policy And Procedures' (bcfb6683-05e5-4ce6-9723-c3fbe9896bdd)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 IR. Incident Response Incident handling n/a Where essential or important entities become aware of a significant incident, they should be required to submit an early warning without undue delay and in any event within 24 hours. That early warning should be followed by an incident notification. The entities concerned should submit an incident notification without undue delay and in any event within 72 hours of becoming aware of the significant incident, with the aim, in particular, of updating information submitted through the early warning and indicating an initial assessment of the significant incident, including its severity and impact, as well as indicators of compromise, where available. A final report should be submitted not later than one month after the incident notification. The early warning should only include the information necessary to make the CSIRT, or where applicable the competent authority, aware of the significant incident and allow the entity concerned to seek assistance, if required. Such early warning, where applicable, should indicate whether the significant incident is suspected of being caused by unlawful or malicious acts, and whether it is likely to have a cross-border impact. Member States should ensure that the obligation to submit that early warning, or the subsequent incident notification, does not divert the notifying entity’s resources from activities related to incident handling that should be prioritised, in order to prevent incident reporting obligations from either diverting resources from significant incident response handling or otherwise compromising the entity’s efforts in that respect. 27.12.2022 EN Official Journal of the European Union L 333/99 In the event of an ongoing incident at the time of the submission of the final report, Member States should ensure that entities concerned provide a progress report at that time, and a final report within one month of their handling of the significant incident 34
op.exp.7 Incident management op.exp.7 Incident management 404 not found n/a n/a 103
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: NIS2 32ff9e30-4725-4ca7-ba3a-904a7721ee87 Regulatory Compliance Preview BuiltIn unknown
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn unknown
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC