AzPolicyAdvertizer

last sync: 2025-Apr-29 17:16:02 UTC

Microsoft Managed Control 1353 - Incident Response Training | Regulatory Compliance - Incident Response

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1353 - Incident Response Training
Id c785ad59-f78f-44ad-9a7f-d1202318c748
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Incident Response control
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.0.0'
Repository: Azure-Policy c785ad59-f78f-44ad-9a7f-d1202318c748
Additional metadata Name/Id: ACF1353 / Microsoft Managed Control 1353
Category: Incident Response
Title: Incident Response Training - Required Timeframe
Ownership: Customer, Microsoft
Description: The organization provides incident response training to information system users consistent with assigned roles and responsibilities: Within as part of onboarding of assuming an incident response role or responsibility;
Requirements: Microsoft provides training annually to all Azure personnel on how to recognize, respond to, and report incidents as part of the basic security awareness training provided via the Security and Privacy Foundations and STRIKE training. As documented in the Azure Incident Management SOP, incident managers ensure that all personnel, including new hires, are trained on incident handling procedures and protocols consistent with assigned roles and responsibilities. This training is comprised of on-the-job oversight by current members of the Security Response Team. The Security Response Team uses job shadowing of real incidents and red team engagements due to the centralized nature of the incident management function in Azure and the availability of job-shadowing within the Security Response Team. Live, ongoing, on-the-job training provides a more thorough and realistic incident management training environment by indoctrinating all stakeholders with the incident management procedures in real time. After a period of apprenticeship, generally around sixty days, the Security Response Team provides unaccompanied access to all necessary systems, if appropriate. While there is no specific annual refresher course in incident management, the Security Response Team is continuously trained through daily incident management activities, team meetings, and engagement with external organizations. The following roles in Azure Incident Management require specific on-boarding training: Incident Engineer, Incident Manager, Security Incident Engineer, Security Incident Manager, and Communications Manager. Part of the training replicates a real incident and walks personnel through the incident management process. Additionally, incident management tests and exercises are considered in-place training and are used to support other onsite training for new employees and other support staff with incident roles. Personnel are not made aware that they are being tested during incident management tests. As part of the service team-specific incident management procedures, each team provides additional information and training to provide an understanding of the team’s distinct responsibilities and accountabilities in support of incident management. Service teams designate incident management personnel or distribution lists as part of Service Tree configurations.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance
The following 2 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1353 - Incident Response Training' (c785ad59-f78f-44ad-9a7f-d1202318c748)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
NIS2 IR._Incident_Response_2 NIS2_IR._Incident_Response_2 NIS2_IR._Incident_Response_2 IR. Incident Response Incident handling n/a Where essential or important entities become aware of a significant incident, they should be required to submit an early warning without undue delay and in any event within 24 hours. That early warning should be followed by an incident notification. The entities concerned should submit an incident notification without undue delay and in any event within 72 hours of becoming aware of the significant incident, with the aim, in particular, of updating information submitted through the early warning and indicating an initial assessment of the significant incident, including its severity and impact, as well as indicators of compromise, where available. A final report should be submitted not later than one month after the incident notification. The early warning should only include the information necessary to make the CSIRT, or where applicable the competent authority, aware of the significant incident and allow the entity concerned to seek assistance, if required. Such early warning, where applicable, should indicate whether the significant incident is suspected of being caused by unlawful or malicious acts, and whether it is likely to have a cross-border impact. Member States should ensure that the obligation to submit that early warning, or the subsequent incident notification, does not divert the notifying entity’s resources from activities related to incident handling that should be prioritised, in order to prevent incident reporting obligations from either diverting resources from significant incident response handling or otherwise compromising the entity’s efforts in that respect. 27.12.2022 EN Official Journal of the European Union L 333/99 In the event of an ongoing incident at the time of the submission of the final report, Member States should ensure that entities concerned provide a progress report at that time, and a final report within one month of their handling of the significant incident 34
op.exp.7 Incident management op.exp.7 Incident management 404 not found n/a n/a 103
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: NIS2 32ff9e30-4725-4ca7-ba3a-904a7721ee87 Regulatory Compliance Preview BuiltIn unknown
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn unknown
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC