| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1611 - Developer-Provided Training | ||
| Id | fdda8a0c-ac32-43f6-b2f4-7dc1df03f43f | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this System and Services Acquisition control | ||
| Additional metadata |
Name/Id: ACF1611 / Microsoft Managed Control 1611 Category: System and Services Acquisition Title: Developer-Provided Training Ownership: Customer, Microsoft Description: The organization requires the developer of the information system, system component, or information system service to provide initial, ongoing, and annual training to include review of system documentation created by service teams and stored in team SharePoint sites on the correct use and operation of the implemented security functions, controls, and/or mechanisms. Requirements: All members of software development teams receive appropriate training to stay informed about security basics and recent trends in security. Individuals who develop software programs are required to complete at least one security training course in person or online each year. Security training can help ensure software is created with security in mind and can also help development teams stay current on security issues. Project team members are strongly encouraged to seek additional security and privacy education that is appropriate to their needs or products. Azure service teams maintain, secure, manage, and store information system documentation, including documentation regarding: * Secure configuration, installation, and operation of the information system; * Effective use and maintenance of security features/functions; and * Known vulnerabilities regarding configuration and use of administrative (i.e. elevated) functions This documentation is stored in each service team’s SharePoint site or STRIKE Central and is made available to service team members. Review of relevant documentation is part of initial and ongoing training activities held at least annually. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|