last sync: 2024-Jun-13 18:14:14 UTC

Microsoft Managed Control 1167 - Continuous Monitoring | Regulatory Compliance - Security Assessment and Authorization

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1167 - Continuous Monitoring
Id cbb2be76-4891-430b-95a7-ca0b0a3d1300
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Security Assessment and Authorization control
Additional metadata Name/Id: ACF1167 / Microsoft Managed Control 1167
Category: Security Assessment and Authorization
Title: Continuous Monitoring - Security Status Reporting
Ownership: Customer, Microsoft
Description: The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: Reporting the security status of organization and the information system to Customers and specific to the FedRAMP certification, the FedRAMP JAB; Monthly.
Requirements: Any new deficiencies that are identified from the security control assessments are documented in the POA&M. The POA&M is continuously updated and used to report on the security state of the information system as part of monthly reviews. POA&M updates are reviewed and validated by the Third Party Assessment Organization (3PAO), and are provided to customers and the FedRAMP JAB, DISA/DoD authorizing officials, and other regulators monthly, consistent with requirements.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC