AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Establish alternate storage site that facilitates recovery operations | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Establish alternate storage site that facilitates recovery operations
Id 245fe58b-96f8-9f1e-48c5-7f49903f66fd
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1270 - Establish alternate storage site that facilitates recovery operations
Additional metadata Name/Id: CMA_C1270 / CMA_C1270
Category: Operational
Title: Establish alternate storage site that facilitates recovery operations
Ownership: Customer
Description: The customer is responsible for establishing an alternate storage site that facilitates recovery operations consistent with customer-defined recovery time objectives (RTO's) and recovery point objectives (RPO's). Azure can support the secure storage and retrieval of system data if the customer configures Microsoft Azure appropriately for reserving storage capacity in an alternate region.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 6 compliance controls are associated with this Policy definition 'Establish alternate storage site that facilitates recovery operations' (245fe58b-96f8-9f1e-48c5-7f49903f66fd)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 CP-6(2) FedRAMP_High_R4_CP-6(2) FedRAMP High CP-6 (2) Contingency Planning Recovery Time / Point Objectives Shared n/a The organization configures the alternate storage site to facilitate recovery operations in accordance with recovery time and recovery point objectives. link 1
hipaa 1604.12c2Organizational.16789-12.c hipaa-1604.12c2Organizational.16789-12.c 1604.12c2Organizational.16789-12.c 16 Business Continuity & Disaster Recovery 1604.12c2Organizational.16789-12.c 12.01 Information Security Aspects of Business Continuity Management Shared n/a Alternative storage and processing sites are identified (permanent and/or temporary) at a sufficient distance from the primary facility and configured with security measures equivalent to the primary site, and the necessary third-party service agreements have been established to allow for the resumption of information systems operations of critical business functions within the time period defined (e.g., priority of service provisions) based on a risk assessment, including Recovery Time Objectives (RTO), in accordance with the organization's availability requirements. 6
hipaa 1618.09l1Organizational.45-09.l hipaa-1618.09l1Organizational.45-09.l 1618.09l1Organizational.45-09.l 16 Business Continuity & Disaster Recovery 1618.09l1Organizational.45-09.l 09.05 Information Back-Up Shared n/a The backups are stored in a physically secure remote location, at a sufficient distance to make them reasonably immune from damage to data at the primary site, and reasonable physical and environmental controls are in place to ensure their protection at the remote location. 7
NIST_SP_800-53_R4 CP-6(2) NIST_SP_800-53_R4_CP-6(2) NIST SP 800-53 Rev. 4 CP-6 (2) Contingency Planning Recovery Time / Point Objectives Shared n/a The organization configures the alternate storage site to facilitate recovery operations in accordance with recovery time and recovery point objectives. link 1
NIST_SP_800-53_R5 CP-6(2) NIST_SP_800-53_R5_CP-6(2) NIST SP 800-53 Rev. 5 CP-6 (2) Contingency Planning Recovery Time and Recovery Point Objectives Shared n/a Configure the alternate storage site to facilitate recovery operations in accordance with recovery time and recovery point objectives. link 1
SWIFT_CSCF_v2022 9.2 SWIFT_CSCF_v2022_9.2 SWIFT CSCF v2022 9.2 9. Ensure Availability through Resilience Providers must ensure that the service remains available for customers in the event of a site disaster. Shared n/a Providers must ensure that the service remains available for customers in the event of a site disaster. link 13
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 245fe58b-96f8-9f1e-48c5-7f49903f66fd
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC