| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1561 - Allocation Of Resources | ||
| Id | 40364c3f-c331-4e29-b1e3-2fbe998ba2f5 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this System and Services Acquisition control | ||
| Additional metadata |
Name/Id: ACF1561 / Microsoft Managed Control 1561 Category: System and Services Acquisition Title: Allocation of Resources - Determine Information Security Requirements Ownership: Customer, Microsoft Description: The organization: Determines information security requirements for the information system or information system service in mission/business process planning; Requirements: Microsoft implements the allocation of resources control as part of Phase One: Requirements, of the Microsoft Security Development Lifecycle (SDL) Process. The Requirements phase of the SDL includes considerations for security and privacy at a foundational level—and a cost analysis—when a determination is made if development and support costs for improving security and privacy are consistent with business needs. Microsoft includes a determination of security requirements at the onset of a project to allow for development teams to identify key milestones and deliverables, and permits the integration of security and privacy in a way that minimizes any disruption to plans and schedules. Security and privacy requirements analysis is performed at project inception and includes specification of minimum security requirements for the application as it is designed to run in its planned operational environment and specification and deployment of a security vulnerability/work item tracking system. Likewise, Microsoft included information security requirements for Azure in mission/business process planning consistent with the terms of the Azure offering. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|