AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Remove or redact any PII | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Remove or redact any PII

94c842e3-8098-38f9-6d3f-8872b790527d

Version

1.1.0
Details on versioning

Versioning

Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]

Category

Regulatory Compliance
Microsoft Learn

Description

CMA_C1833 - Remove or redact any PII

Additional metadata

Name/Id: CMA_C1833 / CMA_C1833
Category: Operational
Title: Remove or redact any PII
Ownership: Customer
Description: The customer, where feasible is responsible for locating and removing/redacting specified PII and/or using anonymization and de-identification techniques to permit use of the retained information while reducing its sensitivity and reducing the risk resulting from disclosure for the deployed resources on top of the Azure cloud infrastructure.
Requirements: The customer is responsible for implementing this recommendation.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)
Microsoft.Resources/subscriptions

Compliance

The following 3 compliance controls are associated with this Policy definition 'Remove or redact any PII' (94c842e3-8098-38f9-6d3f-8872b790527d)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Policy#
hipaa	1911.06d1Organizational.13-06.d	hipaa-1911.06d1Organizational.13-06.d	1911.06d1Organizational.13-06.d	19 Data Protection & Privacy	1911.06d1Organizational.13-06.d 06.01 Compliance with Legal Requirements	Shared	n/a	Records with sensitive personal information are protected during transfer to organizations lawfully collecting such information.	5
hipaa	19242.06d1Organizational.14-06.d	hipaa-19242.06d1Organizational.14-06.d	19242.06d1Organizational.14-06.d	19 Data Protection & Privacy	19242.06d1Organizational.14-06.d 06.01 Compliance with Legal Requirements	Shared	n/a	Covered information storage is kept to a minimum.	4
hipaa	19243.06d1Organizational.15-06.d	hipaa-19243.06d1Organizational.15-06.d	19243.06d1Organizational.15-06.d	19 Data Protection & Privacy	19243.06d1Organizational.15-06.d 06.01 Compliance with Legal Requirements	Shared	n/a	The organization specifies where covered information can be stored.	9

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40	add	94c842e3-8098-38f9-6d3f-8872b790527d

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC