last sync: 2024-May-24 18:03:04 UTC

Take action in response to customer information | Regulatory Compliance - Documentation

Azure BuiltIn Policy definition

Source Azure Portal
Display name Take action in response to customer information
Id d25cbded-121e-0ed6-1857-dc698c9095b1
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1554 - Take action in response to customer information
Additional metadata Name/Id: CMA_C1554 / CMA_C1554
Category: Documentation
Title: Take action in response to customer information
Ownership: Customer
Description: The customer is responsible for taking action in response to customer information that is discoverable by adversaries.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 3 compliance controls are associated with this Policy definition 'Take action in response to customer information' (d25cbded-121e-0ed6-1857-dc698c9095b1)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 RA-5(4) FedRAMP_High_R4_RA-5(4) FedRAMP High RA-5 (4) Risk Assessment Discoverable Information Shared n/a The organization determines what information about the information system is discoverable by adversaries and subsequently takes [Assignment: organization-defined corrective actions]. Supplemental Guidance: Discoverable information includes information that adversaries could obtain without directly compromising or breaching the information system, for example, by collecting information the system is exposing or by conducting extensive searches of the web. Corrective actions can include, for example, notifying appropriate organizational personnel, removing designated information, or changing the information system to make designated information less relevant or attractive to adversaries. Related control: AU-13. link 1
NIST_SP_800-53_R4 RA-5(4) NIST_SP_800-53_R4_RA-5(4) NIST SP 800-53 Rev. 4 RA-5 (4) Risk Assessment Discoverable Information Shared n/a The organization determines what information about the information system is discoverable by adversaries and subsequently takes [Assignment: organization-defined corrective actions]. Supplemental Guidance: Discoverable information includes information that adversaries could obtain without directly compromising or breaching the information system, for example, by collecting information the system is exposing or by conducting extensive searches of the web. Corrective actions can include, for example, notifying appropriate organizational personnel, removing designated information, or changing the information system to make designated information less relevant or attractive to adversaries. Related control: AU-13. link 1
NIST_SP_800-53_R5 RA-5(4) NIST_SP_800-53_R5_RA-5(4) NIST SP 800-53 Rev. 5 RA-5 (4) Risk Assessment Discoverable Information Shared n/a Determine information about the system that is discoverable and take [Assignment: organization-defined corrective actions]. link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add d25cbded-121e-0ed6-1857-dc698c9095b1
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC