last sync: 2024-Jun-14 18:20:16 UTC

Microsoft Managed Control 1582 - Information System Documentation | Regulatory Compliance - System and Services Acquisition

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1582 - Information System Documentation
Id cd9e2f38-259b-462c-bfad-0ad7ab4e65c5
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this System and Services Acquisition control
Additional metadata Name/Id: ACF1582 / Microsoft Managed Control 1582
Category: System and Services Acquisition
Title: Information System Documentation - System Documentation, When Such Documentation Unavailable
Ownership: Customer, Microsoft
Description: The organization: Documents attempts to obtain information system, system component, or information system service documentation when such documentation is either unavailable or nonexistent and takes Organization-defined actions in response;
Requirements: Azure addresses attempts to obtain information system, system component, or information system service documentation when such documentation is either unavailable or nonexistent with preventive and detective measures. As a preventive measure, Azure requires only current software to be installed in the environment. The only operating system and server application software versions allowed in Online Services datacenters are approved current versions, approved legacy versions, and approved pre-release versions. In the case there is an inability to obtain needed documentation due to the age of the information system/component, the organization would track those needs via the Microsoft Operations Center (MOC). As a detective measure, the MOC maintains Troubleshooting Guides (TSGs) to address issues in the Azure environment with physical and virtual assets. These TSGs include low level design details to allow for Microsoft personnel to effectively analyze assets. The TSGs are widely available to all users of the environment; however, sensitive information (i.e. system architecture) is stored separately and requires user login/password to access. Access to the sensitive information is restricted to only MOC personnel. Documentation for externally-provided software (scanning tools) is available online at vendor websites.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC