| Source | Azure Portal | ||||||
| Display name | Microsoft Managed Control 1747 - Security Authorization Process | ||||||
| Id | 3bd38f52-1833-42b2-b9aa-e1b9dcd0143b | ||||||
| Version | 1.0.0 Details on versioning |
||||||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||||||
| Category | Regulatory Compliance Microsoft Learn |
||||||
| Description | Microsoft implements this Program Management control | ||||||
| Additional metadata |
Name/Id: ACF1747 / Microsoft Managed Control 1747 Category: Program Management Title: Security Authorization Process - Designate Roles Ownership: Customer, Microsoft Description: The organization: Designates individuals to fulfill specific roles and responsibilities within the organizational risk management process; and Requirements: The Azure Security Assessment and Authorization (A&A) SOP defines requirements as identified in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Security and Privacy Controls for Federal Information Systems and Organizations. The SOP provides Azure services engineering employees and contractors with security responsibilities and other information technology (IT) personnel involved in security assessment and authorization with the specific procedures to follow for implementing the function for the systems under their purview. Azure shall communicate and publish all policies and procedures to a central repository (i.e. Azure Compliance SharePoint portal), and they should be accessible to all staff. Review of policies and procedures for information security and privacy is performed annually by the Azure Compliance and Privacy teams. Supporting documentation of the review is retained showing evidence of the review being completed and that reviewer’s changes align with the new version of the SOP. The purpose of this document is to enable engineers and operations to understand the security assessment and authorization requirements and the options available to fulfill them. The document also directs readers to additional engineering guidance and resources for services that want to onboard to the standardized and centralized implementations for meeting these requirements. Azure designates responsible individuals in the Azure System Security Plan (SSP) and in Service Tree. |
||||||
| Mode | Indexed | ||||||
| Type | Static | ||||||
| Preview | False | ||||||
| Deprecated | False | ||||||
| Effect | Fixed audit |
||||||
| RBAC role(s) | none | ||||||
| Rule aliases | none | ||||||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||||||
| Compliance | Not a Compliance control | ||||||
| Initiatives usage | none | ||||||
| History |
|
||||||
| JSON compare | n/a | ||||||
| JSON |
|