last sync: 2024-May-24 18:03:04 UTC

Microsoft Managed Control 1611 - Developer-Provided Training | Regulatory Compliance - System and Services Acquisition

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1611 - Developer-Provided Training
Id fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this System and Services Acquisition control
Additional metadata Name/Id: ACF1611 / Microsoft Managed Control 1611
Category: System and Services Acquisition
Title: Developer-Provided Training
Ownership: Customer, Microsoft
Description: The organization requires the developer of the information system, system component, or information system service to provide initial, ongoing, and annual training to include review of system documentation created by service teams and stored in team SharePoint sites on the correct use and operation of the implemented security functions, controls, and/or mechanisms.
Requirements: All members of software development teams receive appropriate training to stay informed about security basics and recent trends in security. Individuals who develop software programs are required to complete at least one security training course in person or online each year. Security training can help ensure software is created with security in mind and can also help development teams stay current on security issues. Project team members are strongly encouraged to seek additional security and privacy education that is appropriate to their needs or products. Azure service teams maintain, secure, manage, and store information system documentation, including documentation regarding: * Secure configuration, installation, and operation of the information system; * Effective use and maintenance of security features/functions; and * Known vulnerabilities regarding configuration and use of administrative (i.e. elevated) functions This documentation is stored in each service team’s SharePoint site or STRIKE Central and is made available to service team members. Review of relevant documentation is part of initial and ongoing training activities held at least annually.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC