last sync: 2024-Oct-11 17:51:27 UTC

Coordinate with external organizations to achieve cross org perspective | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Coordinate with external organizations to achieve cross org perspective
Id d4e6a629-28eb-79a9-000b-88030e4823ca
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1368 - Coordinate with external organizations to achieve cross org perspective
Additional metadata Name/Id: CMA_C1368 / CMA_C1368
Category: Operational
Title: Coordinate with external organizations to achieve cross org perspective
Ownership: Customer
Description: The customer is responsible for coordinating with external organizations to achieve a cross-organizational perspective on incident awareness and more effective incident responses.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 6 compliance controls are associated with this Policy definition 'Coordinate with external organizations to achieve cross org perspective' (d4e6a629-28eb-79a9-000b-88030e4823ca)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 IR-4(8) FedRAMP_High_R4_IR-4(8) FedRAMP High IR-4 (8) Incident Response Correlation With External Organizations Shared n/a The organization coordinates with [Assignment: organization-defined external organizations] to correlate and share [Assignment: organization-defined incident information] to achieve a cross- organization perspective on incident awareness and more effective incident responses. Supplemental Guidance: The coordination of incident information with external organizations including, for example, mission/business partners, military/coalition partners, customers, and multitiered developers, can provide significant benefits. Cross-organizational coordination with respect to incident handling can serve as an important risk management capability. This capability allows organizations to leverage critical information from a variety of sources to effectively respond to information security-related incidents potentially affecting the organization’s operations, assets, and individuals. link 1
hipaa 1524.11a1Organizational.5-11.a hipaa-1524.11a1Organizational.5-11.a 1524.11a1Organizational.5-11.a 15 Incident Management 1524.11a1Organizational.5-11.a 11.01 Reporting Information Security Incidents and Weaknesses Shared n/a Workforce members cooperate with federal or state investigations or disciplinary proceedings. 3
NIST_SP_800-171_R2_3 .6.1 NIST_SP_800-171_R2_3.6.1 NIST SP 800-171 R2 3.6.1 Incident response Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. Shared Microsoft and the customer share responsibilities for implementing this requirement. Organizations recognize that incident handling capability is dependent on the capabilities of organizational systems and the mission/business processes being supported by those systems. Organizations consider incident handling as part of the definition, design, and development of mission/business processes and systems. Incident-related information can be obtained from a variety of sources including audit monitoring, network monitoring, physical access monitoring, user and administrator reports, and reported supply chain events. Effective incident handling capability includes coordination among many organizational entities including mission/business owners, system owners, authorizing officials, human resources offices, physical and personnel security offices, legal departments, operations personnel, procurement offices, and the risk executive. As part of user response activities, incident response training is provided by organizations and is linked directly to the assigned roles and responsibilities of organizational personnel to ensure that the appropriate content and level of detail is included in such training. For example, regular users may only need to know who to call or how to recognize an incident on the system; system administrators may require additional training on how to handle or remediate incidents; and incident responders may receive more specific training on forensics, reporting, system recovery, and restoration. Incident response training includes user training in the identification/reporting of suspicious activities from external and internal sources. User response activities also includes incident response assistance which may consist of help desk support, assistance groups, and access to forensics services or consumer redress services, when required. [SP 800-61] provides guidance on incident handling. [SP 800-86] and [SP 800-101] provide guidance on integrating forensic techniques into incident response. [SP 800-161] provides guidance on supply chain risk management. link 12
NIST_SP_800-53_R4 IR-4(8) NIST_SP_800-53_R4_IR-4(8) NIST SP 800-53 Rev. 4 IR-4 (8) Incident Response Correlation With External Organizations Shared n/a The organization coordinates with [Assignment: organization-defined external organizations] to correlate and share [Assignment: organization-defined incident information] to achieve a cross- organization perspective on incident awareness and more effective incident responses. Supplemental Guidance: The coordination of incident information with external organizations including, for example, mission/business partners, military/coalition partners, customers, and multitiered developers, can provide significant benefits. Cross-organizational coordination with respect to incident handling can serve as an important risk management capability. This capability allows organizations to leverage critical information from a variety of sources to effectively respond to information security-related incidents potentially affecting the organization’s operations, assets, and individuals. link 1
NIST_SP_800-53_R5 IR-4(8) NIST_SP_800-53_R5_IR-4(8) NIST SP 800-53 Rev. 5 IR-4 (8) Incident Response Correlation with External Organizations Shared n/a Coordinate with [Assignment: organization-defined external organizations] to correlate and share [Assignment: organization-defined incident information] to achieve a cross-organization perspective on incident awareness and more effective incident responses. link 1
SOC_2 CC7.5 SOC_2_CC7.5 SOC 2 Type 2 CC7.5 System Operations Recovery from identified security incidents Shared The customer is responsible for implementing this recommendation. • Restores the Affected Environment — The activities restore the affected environment to functional operation by rebuilding systems, updating software, installing patches, and changing configurations, as needed. • Communicates Information About the Event — Communications about the nature of the incident, recovery actions taken, and activities required for the prevention of future security events are made to management and others as appropriate (internal and external). • Determines Root Cause of the Event — The root cause of the event is determined. • Implements Changes to Prevent and Detect Recurrences — Additional architecture or changes to preventive and detective controls, or both, are implemented to prevent and detect recurrences on a timely basis. • Improves Response and Recovery Procedures — Lessons learned are analyzed and the incident-response plan and recovery procedures are improved. • Implements Incident-Recovery Plan Testing — Incident-recovery plan testing is performed on a periodic basis. The testing includes (1) development of testing scenarios based on threat likelihood and magnitude; (2) consideration of relevant system components from across the entity that can impair availability; (3) scenarios that consider the potential for the lack of availability of key personnel; and (4) revision of continuity plans and systems based on test results 19
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-171 Rev. 2 03055927-78bd-4236-86c0-f36125a10dc9 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add d4e6a629-28eb-79a9-000b-88030e4823ca
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC