Microsoft implements this Security Assessment and Authorization control
Name/Id: ACF1146 / Microsoft Managed Control 1146 Category: Security Assessment and Authorization Title: Security Assessments - Results Report Ownership: Customer, Microsoft Description: The organization: Produces a security assessment report that documents the results of the assessment; and Requirements: Upon completion of the security assessment, a Security Assessment Report (SAR) is developed by the Third Party Assessment Organization (3PAO) to document the results of security assessment and the risks associated with the system. The SAR documents the results of the assessment, including security controls that are considered other than satisfied, security control weaknesses, recommended remediation steps, and the risks associated with the system.
Rule resource types
IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups