last sync: 2023-Jun-02 17:44:47 UTC

Azure Policy definition

Implement plans of action and milestones for security program process

Name Implement plans of action and milestones for security program process
Id d93fe1be-13e4-421d-9c21-3158e2fa2667
Version 1.1.0
Category Regulatory Compliance
Description CMA_C1737 - Implement plans of action and milestones for security program process
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect (Default) Manual
Effect (Allowed) Manual, Disabled
RBAC Role(s) none
Rule
Aliases
Rule ResourceTypes IF (1) Microsoft.Resources/subscriptions
Compliance
The following 3 compliance controls are associated with this Policy definition 'Implement plans of action and milestones for security program process' (d93fe1be-13e4-421d-9c21-3158e2fa2667).

Control Domain: hipaa
Control Name: 0179.05h1Organizational.4-05.h
MetadataId: hipaa-0179.05h1Organizational.4-05.h
Category: 0179.05h1Organizational.4-05.h 01 Information Protection Program
Title: 0179.05h1Organizational.4-05.h 05.01 Internal Organization
Owner: Shared
Requirements: n/a
Description: If an independent review identifies that the organization's approach and implementation to managing information security is inadequate or not compliant with the direction for information security stated in the information security policy document, management takes corrective actions.
Policy#: 3

Control Domain: ISO27001-2013
Control Name: C.9.3.a
MetadataId: ISO27001-2013_C.9.3.a
Category: ISO 27001:2013 C.9.3.a Performance Evaluation
Title: Management review
Owner: Shared
Requirements: n/a
Description: Top management shall review the organization's information security management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness. The management review shall include consideration of: a) the status of actions from previous management reviews; The outputs of the management review shall include decisions related to continual improvement opportunities and any needs for changes to the information security management system. The organization shall retain documented information as evidence of the results of management reviews.
Policy#: 5

Control Domain: NIST_SP_800-171_R2
Control Name: 3.12.2
MetadataId: NIST_SP_800-171_R2_3.12.2
Category: NIST SP 800-171 R2 3.12.2 Security Assessment
Title: Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.
Owner: Shared
Requirements: Microsoft and the customer share responsibilities for implementing this requirement.
Description: The plan of action is a key document in the information security program. Organizations develop plans of action that describe how any unimplemented security requirements will be met and how any planned mitigations will be implemented. Organizations can document the system security plan and plan of action as separate or combined documents and in any chosen format. Federal agencies may consider the submitted system security plans and plans of action as critical inputs to an overall risk management decision to process, store, or transmit CUI on a system hosted by a nonfederal organization and whether it is advisable to pursue an agreement or contract with the nonfederal organization. [NIST CUI] provides supplemental material for Special Publication 800-171 including templates for plans of action.
Policy#: 4
History
Date/Time (UTC ymd)   Change type   Change detail
2022-09-27 16:35:32   change        Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29   add           d93fe1be-13e4-421d-9c21-3158e2fa2667
Initiatives
Initiative DisplayName   Initiative Id                          Initiative Category     State   Type
HITRUST/HIPAA            a169a624-5599-4385-a696-c8d643089fab   Regulatory Compliance   GA      BuiltIn
ISO 27001:2013           89c6cddc-1c73-4ac1-b19c-54d1a15a42f2   Regulatory Compliance   GA      BuiltIn
NIST SP 800-171 Rev. 2   03055927-78bd-4236-86c0-f36125a10dc9   Regulatory Compliance   GA      BuiltIn