last sync: 2024-Jun-24 18:15:26 UTC

Microsoft Managed Control 1562 - Allocation Of Resources | Regulatory Compliance - System and Services Acquisition

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1562 - Allocation Of Resources
Id d4142013-7964-4163-a313-a900301c2cef
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this System and Services Acquisition control
Additional metadata Name/Id: ACF1562 / Microsoft Managed Control 1562
Category: System and Services Acquisition
Title: Allocation of Resources - Determine And Allocate Resources for Protection
Ownership: Customer, Microsoft
Description: The organization: Determines, documents, and allocates the resources required to protect the information system or information system service as part of its capital planning and investment control process; and
Requirements: Microsoft annually budgets funding necessary to support all systems and the corporate security posture across the entire company. Microsoft has determined, documented, and allocated the resources required to protect the information system as part of its capital budgeting process. The information security control requirements are documented in this SSP. In addition, as part of the budgeting process, C+AI Security conducts capacity planning which includes the determination of the overall size, performance and resilience of the system. These elements are important to the overall security functionality of the system in terms of how security controls impact Azure’s performance, as well as, how the resiliency of the system supports data availability and continuity objectives. Capacity planning depends largely upon the proposed usage of the system. Processing and storage requirements for Azure are defined before development in order to ensure adequate resources are available. Azure capacity planning includes operating requirements, projected trends, new business requirements, and resistance to denial-of-service attacks in order to avoid preventable system deficiencies. The capacity planning process is through C+AI Security and part of the budget allocation.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC