AzPolicyAdvertizer

last sync: 2023-Jun-02 17:44:47 UTC

Azure Policy definition

Take action in response to customer information

Name

Take action in response to customer information
Azure Portal

Id

d25cbded-121e-0ed6-1857-dc698c9095b1

Version

1.1.0
details on versioning

Category

Regulatory Compliance
Microsoft docs

Description

CMA_C1554 - Take action in response to customer information

Mode

All

Type

BuiltIn

Preview

FALSE

Deprecated

FALSE

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC
Role(s)

none

Rule
Aliases

Rule
ResourceTypes

IF (1)
Microsoft.Resources/subscriptions

Compliance

The following 3 compliance controls are associated with this Policy definition 'Take action in response to customer information' (d25cbded-121e-0ed6-1857-dc698c9095b1)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
FedRAMP_High_R4	RA-5(4)	FedRAMP_High_R4_RA-5(4)	FedRAMP High RA-5 (4)	Risk Assessment	Discoverable Information	Shared	n/a	The organization determines what information about the information system is discoverable by adversaries and subsequently takes [Assignment: organization-defined corrective actions]. Supplemental Guidance: Discoverable information includes information that adversaries could obtain without directly compromising or breaching the information system, for example, by collecting information the system is exposing or by conducting extensive searches of the web. Corrective actions can include, for example, notifying appropriate organizational personnel, removing designated information, or changing the information system to make designated information less relevant or attractive to adversaries. Related control: AU-13.	link	1
NIST_SP_800-53_R4	RA-5(4)	NIST_SP_800-53_R4_RA-5(4)	NIST SP 800-53 Rev. 4 RA-5 (4)	Risk Assessment	Discoverable Information	Shared	n/a	The organization determines what information about the information system is discoverable by adversaries and subsequently takes [Assignment: organization-defined corrective actions]. Supplemental Guidance: Discoverable information includes information that adversaries could obtain without directly compromising or breaching the information system, for example, by collecting information the system is exposing or by conducting extensive searches of the web. Corrective actions can include, for example, notifying appropriate organizational personnel, removing designated information, or changing the information system to make designated information less relevant or attractive to adversaries. Related control: AU-13.	link	1
NIST_SP_800-53_R5	RA-5(4)	NIST_SP_800-53_R5_RA-5(4)	NIST SP 800-53 Rev. 5 RA-5 (4)	Risk Assessment	Discoverable Information	Shared	n/a	Determine information about the system that is discoverable and take [Assignment: organization-defined corrective actions].	link	1

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40	add	d25cbded-121e-0ed6-1857-dc698c9095b1

Initiatives
usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
FedRAMP High	d5264498-16f4-418a-b659-fa7ef418175f	Regulatory Compliance	GA	BuiltIn
NIST SP 800-53 Rev. 4	cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f	Regulatory Compliance	GA	BuiltIn
NIST SP 800-53 Rev. 5	179d1daa-458f-4e47-8086-2a68d0d6c38f	Regulatory Compliance	GA	BuiltIn

JSON