| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1159 - Security Authorization | ||
| Id | 0925f098-7877-450b-8ba4-d1e55f2d8795 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Security Assessment and Authorization control | ||
| Additional metadata |
Name/Id: ACF1159 / Microsoft Managed Control 1159 Category: Security Assessment and Authorization Title: Security Authorization - Signoff Ownership: Customer, Microsoft Description: The organization: Ensures that the authorizing official authorizes the information system for processing before commencing operations; and Requirements: The FedRAMP JAB, DISA/DoD authorizing officials, and other regulators determine if the remaining known vulnerabilities in the information system pose an acceptable level of risk to issue a P-ATO. Agencies must also determine whether the risk to agency operations, assets, and individuals is acceptable. Following review of the security authorization package and consultation with key agency officials, the FedRAMP JAB, DISA/DoD authorizing officials, and other regulators render an authorization decision to: * Authorize system operation without any restrictions or limitations on its operation; * Authorize system operation with restriction or limitation on its operation. The POA&M must be included detailed corrective actions to correct deficiencies. Resubmit an updated accreditation package upon completion of required POA&M actions to move to authorization to operate without any restrictions; or * Not authorize the system for operation. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|