last sync: 2024-Oct-04 17:51:30 UTC

Plan for continuance of essential business functions | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Plan for continuance of essential business functions
Id d9edcea6-6cb8-0266-a48c-2061fbac4310
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1255 - Plan for continuance of essential business functions
Additional metadata Name/Id: CMA_C1255 / CMA_C1255
Category: Operational
Title: Plan for continuance of essential business functions
Ownership: Customer
Description: The customer is responsible for continuing essential mission and business functions with little or no loss of operational continuity and sustain that continuity until full resource restoration has occurred at primary processing and/or storage sites for all customer-deployed resources. Microsoft Azure can support continued system operation during contingency activities if the customer configures Azure appropriately for reserving processing capacity in an alternate region.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 18 compliance controls are associated with this Policy definition 'Plan for continuance of essential business functions' (d9edcea6-6cb8-0266-a48c-2061fbac4310)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 CP-2(5) FedRAMP_High_R4_CP-2(5) FedRAMP High CP-2 (5) Contingency Planning Continue Essential Missions / Business Functions Shared n/a The organization plans for the continuance of essential missions and business functions with little or no loss of operational continuity and sustains that continuity until full information system restoration at primary processing and/or storage sites. Supplemental Guidance: Organizations may choose to carry out the contingency planning activities in this control enhancement as part of organizational business continuity planning including, for example, as part of business impact analyses. Primary processing and/or storage sites defined by organizations as part of contingency planning may change depending on the circumstances associated with the contingency (e.g., backup sites may become primary sites). Related control: PE-12. link 1
ISO27001-2013 A.11.1.4 ISO27001-2013_A.11.1.4 ISO 27001:2013 A.11.1.4 Physical And Environmental Security Protecting against external and environmental threats Shared n/a Physical protection against natural disasters, malicious attack or accidents shall be designed and applied. link 9
ISO27001-2013 A.12.3.1 ISO27001-2013_A.12.3.1 ISO 27001:2013 A.12.3.1 Operations Security Information backup Shared n/a Backup copies of information, software and system images shall be taken and tested regularly in accordance with an agreed backup policy. link 13
ISO27001-2013 A.17.1.2 ISO27001-2013_A.17.1.2 ISO 27001:2013 A.17.1.2 Information Security Aspects Of Business Continuity Management Implementing information security continuity Shared n/a The organization shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation. link 18
ISO27001-2013 A.17.2.1 ISO27001-2013_A.17.2.1 ISO 27001:2013 A.17.2.1 Information Security Aspects Of Business Continuity Management Availability of information processing facilities Shared n/a Information processing facilities shall be implemented with redundancy sufficient to meet availability requirements. link 17
mp.eq.3 Protection of portable devices mp.eq.3 Protection of portable devices 404 not found n/a n/a 71
mp.eq.4 Other devices connected to the network mp.eq.4 Other devices connected to the network 404 not found n/a n/a 35
mp.if.1 Separate areas with access control mp.if.1 Separate areas with access control 404 not found n/a n/a 23
mp.if.3 Fitting-out of premises mp.if.3 Fitting-out of premises 404 not found n/a n/a 18
mp.if.5 Fire protection mp.if.5 Fire protection 404 not found n/a n/a 16
mp.if.6 Flood protection mp.if.6 Flood protection 404 not found n/a n/a 16
mp.info.6 Backups mp.info.6 Backups 404 not found n/a n/a 65
mp.si.2 Cryptography mp.si.2 Cryptography 404 not found n/a n/a 32
NIST_SP_800-53_R4 CP-2(5) NIST_SP_800-53_R4_CP-2(5) NIST SP 800-53 Rev. 4 CP-2 (5) Contingency Planning Continue Essential Missions / Business Functions Shared n/a The organization plans for the continuance of essential missions and business functions with little or no loss of operational continuity and sustains that continuity until full information system restoration at primary processing and/or storage sites. Supplemental Guidance: Organizations may choose to carry out the contingency planning activities in this control enhancement as part of organizational business continuity planning including, for example, as part of business impact analyses. Primary processing and/or storage sites defined by organizations as part of contingency planning may change depending on the circumstances associated with the contingency (e.g., backup sites may become primary sites). Related control: PE-12. link 1
NIST_SP_800-53_R5 CP-2(5) NIST_SP_800-53_R5_CP-2(5) NIST SP 800-53 Rev. 5 CP-2 (5) Contingency Planning Continue Mission and Business Functions Shared n/a Plan for the continuance of [Selection: all;essential] mission and business functions with minimal or no loss of operational continuity and sustains that continuity until full system restoration at primary processing and/or storage sites. link 1
SWIFT_CSCF_v2022 10.1 SWIFT_CSCF_v2022_10.1 SWIFT CSCF v2022 10.1 10. Be Ready in case of Major Disaster Business continuity is ensured through a documented plan communicated to the potentially affected parties (service bureau and customers). Shared n/a Business continuity is ensured through a documented plan communicated to the potentially affected parties (service bureau and customers). link 5
SWIFT_CSCF_v2022 8.1 SWIFT_CSCF_v2022_8.1 SWIFT CSCF v2022 8.1 8. Set and Monitor Performance Ensure availability by formally setting and monitoring the objectives to be achieved Shared n/a Ensure availability by formally setting and monitoring the objectives to be achieved link 8
SWIFT_CSCF_v2022 8.4 SWIFT_CSCF_v2022_8.4 SWIFT CSCF v2022 8.4 8. Set and Monitor Performance Ensure availability, capacity, and quality of services to customers Shared n/a Ensure availability, capacity, and quality of services to customers link 7
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add d9edcea6-6cb8-0266-a48c-2061fbac4310
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC