| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1582 - Information System Documentation | ||
| Id | cd9e2f38-259b-462c-bfad-0ad7ab4e65c5 | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this System and Services Acquisition control | ||
| Additional metadata |
Name/Id: ACF1582 / Microsoft Managed Control 1582 Category: System and Services Acquisition Title: Information System Documentation - System Documentation, When Such Documentation Unavailable Ownership: Customer, Microsoft Description: The organization: Documents attempts to obtain information system, system component, or information system service documentation when such documentation is either unavailable or nonexistent and takes Organization-defined actions in response; Requirements: Azure addresses attempts to obtain information system, system component, or information system service documentation when such documentation is either unavailable or nonexistent with preventive and detective measures. As a preventive measure, Azure requires only current software to be installed in the environment. The only operating system and server application software versions allowed in Online Services datacenters are approved current versions, approved legacy versions, and approved pre-release versions. In the case there is an inability to obtain needed documentation due to the age of the information system/component, the organization would track those needs via the Microsoft Operations Center (MOC). As a detective measure, the MOC maintains Troubleshooting Guides (TSGs) to address issues in the Azure environment with physical and virtual assets. These TSGs include low level design details to allow for Microsoft personnel to effectively analyze assets. The TSGs are widely available to all users of the environment; however, sensitive information (i.e. system architecture) is stored separately and requires user login/password to access. Access to the sensitive information is restricted to only MOC personnel. Documentation for externally-provided software (scanning tools) is available online at vendor websites. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|