Source | Azure Portal | ||||||
Display name | Microsoft Managed Control 1572 - Acquisitions Process | ||||||
Id | 04f5fb00-80bb-48a9-a75b-4cb4d4c97c36 | ||||||
Version | 1.0.1 Details on versioning |
||||||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||||||
Category | Regulatory Compliance Microsoft Learn |
||||||
Description | Microsoft implements this System and Services Acquisition control | ||||||
Additional metadata |
Name/Id: ACF1572 / Microsoft Managed Control 1572 Category: System and Services Acquisition Title: Acquisition Process - Include Requirements for Protection of Security-related Documentation in Contract Ownership: Customer, Microsoft Description: The organization includes the following requirements, descriptions, and criteria, explicitly or by reference, in the acquisition contract for the information system, system component, or information system service in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, guidelines, and organizational mission/business needs: Requirements for protecting security-related documentation; Requirements: Azure implements the acquisitions control through enforcement of the Microsoft Security Policy. The Policy dictates that where a third party is allowed to (i) access, process, host or manage Microsoft’s online services’ information assets or information processing facilities, or (ii) add products or services to Microsoft’s online services’ information processing facilities, arrangements must be made in a formal contract to define responsibility and requirements for the security, confidentiality, integrity and availability of the information assets involved. Appropriate security standards are addressed in the agreement, to provide a level of protection against identified risks equivalent to that provided by the Microsoft Security Policy. It is the role of Corporate, External, and Legal Affairs (CELA) to require language included in system acquisition contracts pertaining to the security requirements, as appropriate, through the Master Supplier Services Agreement (MSSA) or an equivalent type of agreement. |
||||||
Mode | Indexed | ||||||
Type | Static | ||||||
Preview | False | ||||||
Deprecated | False | ||||||
Effect | Fixed audit |
||||||
RBAC role(s) | none | ||||||
Rule aliases | none | ||||||
Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||||||
Compliance | Not a Compliance control | ||||||
Initiatives usage | none | ||||||
History |
|
||||||
JSON compare |
compare mode:
version left:
version right:
|
||||||
JSON |
|