last sync: 2024-Sep-19 17:51:32 UTC

Microsoft Managed Control 1580 - Information System Documentation | Regulatory Compliance - System and Services Acquisition

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1580 - Information System Documentation
Id 854db8ac-6adf-42a0-bef3-b73f764f40b9
Version 1.0.0
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Description Microsoft implements this System and Services Acquisition control
Additional metadata Name/Id: ACF1580 / Microsoft Managed Control 1580
Category: System and Services Acquisition
Title: Information System Documentation - Admin Documentation
Ownership: Customer, Microsoft
Description: The organization obtains administrator documentation for the information system, system component, or information system service that describes:
* Secure configuration, installation, and operation of the system, component, or service;
* Effective use and maintenance of security functions/mechanisms; and
* Known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions;
Requirements: Azure service teams maintain, secure, manage, and store information system documentation, including documentation regarding:
* Secure configuration, installation, and operation of the information system
* Effective use and maintenance of security features/functions
* Known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions
This documentation is stored in each service team’s SharePoint site and made available to service team members. Documentation for externally provided software (scanning tools) is available online at vendor websites.
Microsoft has implemented the information system documentation control by ensuring the appropriate service team is responsible for maintaining, securing, managing, transmitting, and storing all documentation to prevent unauthorized access and misuse of Azure documentation. Microsoft considers all documentation to be categorized as a system asset. The service team is responsible for classifying its assets and employing the associated safeguards according to the Asset Classification Standard and Asset Protection Standard, as well as any additional requirements defined by the service team. An asset is something that supports the delivery of the Azure service or has other business value to its owner.
Azure Technical Support’s asset inventory is located on the team SharePoint site. The inventory of assets is maintained by Technical Support personnel and is updated as needed when new assets are created, installed, or identified, or when the asset owner, location, or security classification requires modification. The Technical Support team’s SOPs are stored on each team’s respective SharePoint site or Knowledge Base as referenced in each team’s asset inventory and other service team documentation, such as project requirements and specifications.
Technical Support team documentation, including Technical Support Guides (TSGs), is stored on each team’s respective SharePoint site or Knowledge Base as referenced in each team’s asset inventory.
Authorized personnel routinely develop, maintain, and store all related security documentation (e.g., security policies and procedures) and system configuration files on a continuous basis in accordance with regulatory requirements. Documentation is centrally managed using SharePoint and available only to authorized personnel using role-based access (i.e., valid username and level of access).
Azure Security Authorization documentation (i.e., SSP, Contingency Plan, Security Assessment Plan (SAP), SAR/RAR, Configuration Management Plan, Plan of Action and Milestones (POA&M), etc.) is maintained on a SharePoint site with appropriate access controls in place. Known vulnerabilities are identified in the SAR as part of the Security Authorization package and maintained on the SharePoint site with the Azure Security Authorization documentation.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed: audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a