last sync: 2024-Nov-01 18:49:23 UTC

Adjust level of audit review, analysis, and reporting | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Adjust level of audit review, analysis, and reporting
Id de251b09-4a5e-1204-4bef-62ac58d47999
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1123 - Adjust level of audit review, analysis, and reporting
Additional metadata Name/Id: CMA_C1123 / CMA_C1123
Category: Operational
Title: Adjust level of audit review, analysis, and reporting
Ownership: Customer
Description: The customer is responsible for adjusting the level of audit review, analysis, and reporting for customer-deployed resources when there is a change in risk based on information provided by law enforcement, intelligence, or other credible sources.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 5 compliance controls are associated with this Policy definition 'Adjust level of audit review, analysis, and reporting' (de251b09-4a5e-1204-4bef-62ac58d47999)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 AU-6(10) FedRAMP_High_R4_AU-6(10) FedRAMP High AU-6 (10) Audit And Accountability Audit Level Adjustment Shared n/a The organization adjusts the level of audit review, analysis, and reporting within the information system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information. Supplemental Guidance: The frequency, scope, and/or depth of the audit review, analysis, and reporting may be adjusted to meet organizational needs based on new information received. link 1
hipaa 0202.09j1Organizational.3-09.j hipaa-0202.09j1Organizational.3-09.j 0202.09j1Organizational.3-09.j 02 Endpoint Protection 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code Shared n/a Audit logs of the scans are maintained. 15
hipaa 12101.09ab1Organizational.3-09.ab hipaa-12101.09ab1Organizational.3-09.ab 12101.09ab1Organizational.3-09.ab 12 Audit Logging & Monitoring 12101.09ab1Organizational.3-09.ab 09.10 Monitoring Shared n/a The organization specifies how often audit logs are reviewed, how the reviews are documented, and the specific roles and responsibilities of the personnel conducting the reviews, including the professional certifications or other qualifications required. 18
ISO27001-2013 C.9.2.e ISO27001-2013_C.9.2.e ISO 27001:2013 C.9.2.e Performance Evaluation Internal audit Shared n/a The organization shall conduct internal audits at planned intervals to provide information on whether the information security management system: e) select auditors and conduct audits that ensure objectivity and the impartiality of the audit process. link 5
NIST_SP_800-53_R4 AU-6(10) NIST_SP_800-53_R4_AU-6(10) NIST SP 800-53 Rev. 4 AU-6 (10) Audit And Accountability Audit Level Adjustment Shared n/a The organization adjusts the level of audit review, analysis, and reporting within the information system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information. Supplemental Guidance: The frequency, scope, and/or depth of the audit review, analysis, and reporting may be adjusted to meet organizational needs based on new information received. link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add de251b09-4a5e-1204-4bef-62ac58d47999
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC