last sync: 2024-Oct-11 17:51:27 UTC

Automate information sharing decisions | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Automate information sharing decisions
Id e54901fe-42c2-7f3b-3c5f-327aa5320a69
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_0028 - Automate information sharing decisions
Additional metadata Name/Id: CMA_0028 / CMA_0028
Category: Operational
Title: Automate information sharing decisions
Ownership: Customer
Description: Microsoft recommends that your organization use automated mechanisms or manual processes to assist users in making information sharing/collaboration decisions. Your organization should consider creating and maintaining Access Control policies and standard operating procedures that include details about the automated mechanisms or manual processes employed by your organization to assist your users in making information sharing/collaboration decisions.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 6 compliance controls are associated with this Policy definition 'Automate information sharing decisions' (e54901fe-42c2-7f3b-3c5f-327aa5320a69)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 AC-21 FedRAMP_High_R4_AC-21 FedRAMP High AC-21 Access Control Information Sharing Shared n/a The organization: a. Facilitates information sharing by enabling authorized users to determine whether access authorizations assigned to the sharing partner match the access restrictions on the information for [Assignment: organization-defined information sharing circumstances where user discretion is required]; and b. Employs [Assignment: organization-defined automated mechanisms or manual processes] to assist users in making information sharing/collaboration decisions.   Supplemental Guidance: This control applies to information that may be restricted in some manner (e.g., privileged medical information, contract-sensitive information, proprietary information, personally identifiable information, classified information related to special access programs or compartments) based on some formal or administrative determination. Depending on the particular information-sharing circumstances, sharing partners may be defined at the individual, group, or organizational level. Information may be defined by content, type, security category, or special access program/compartment. Related control: AC-3. References: None. link 2
FedRAMP_Moderate_R4 AC-21 FedRAMP_Moderate_R4_AC-21 FedRAMP Moderate AC-21 Access Control Information Sharing Shared n/a The organization: a. Facilitates information sharing by enabling authorized users to determine whether access authorizations assigned to the sharing partner match the access restrictions on the information for [Assignment: organization-defined information sharing circumstances where user discretion is required]; and b. Employs [Assignment: organization-defined automated mechanisms or manual processes] to assist users in making information sharing/collaboration decisions.   Supplemental Guidance: This control applies to information that may be restricted in some manner (e.g., privileged medical information, contract-sensitive information, proprietary information, personally identifiable information, classified information related to special access programs or compartments) based on some formal or administrative determination. Depending on the particular information-sharing circumstances, sharing partners may be defined at the individual, group, or organizational level. Information may be defined by content, type, security category, or special access program/compartment. Related control: AC-3. References: None. link 2
hipaa 0209.09m3Organizational.7-09.m hipaa-0209.09m3Organizational.7-09.m 0209.09m3Organizational.7-09.m 02 Endpoint Protection 0209.09m3Organizational.7-09.m 09.06 Network Security Management Shared n/a File sharing is disabled on wireless-enabled devices. 6
hipaa 0306.09q1Organizational.3-09.q hipaa-0306.09q1Organizational.3-09.q 0306.09q1Organizational.3-09.q 03 Portable Media Security 0306.09q1Organizational.3-09.q 09.07 Media Handling Shared n/a The status and location of unencrypted covered information is maintained and monitored. 6
NIST_SP_800-53_R4 AC-21 NIST_SP_800-53_R4_AC-21 NIST SP 800-53 Rev. 4 AC-21 Access Control Information Sharing Shared n/a The organization: a. Facilitates information sharing by enabling authorized users to determine whether access authorizations assigned to the sharing partner match the access restrictions on the information for [Assignment: organization-defined information sharing circumstances where user discretion is required]; and b. Employs [Assignment: organization-defined automated mechanisms or manual processes] to assist users in making information sharing/collaboration decisions.   Supplemental Guidance: This control applies to information that may be restricted in some manner (e.g., privileged medical information, contract-sensitive information, proprietary information, personally identifiable information, classified information related to special access programs or compartments) based on some formal or administrative determination. Depending on the particular information-sharing circumstances, sharing partners may be defined at the individual, group, or organizational level. Information may be defined by content, type, security category, or special access program/compartment. Related control: AC-3. References: None. link 2
NIST_SP_800-53_R5 AC-21 NIST_SP_800-53_R5_AC-21 NIST SP 800-53 Rev. 5 AC-21 Access Control Information Sharing Shared n/a a. Enable authorized users to determine whether access authorizations assigned to a sharing partner match the information???s access and use restrictions for [Assignment: organization-defined information sharing circumstances where user discretion is required]; and b. Employ [Assignment: organization-defined automated mechanisms or manual processes] to assist users in making information sharing and collaboration decisions. link 2
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add e54901fe-42c2-7f3b-3c5f-327aa5320a69
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC