| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1526 - Access Agreements | ||
| Id | 953e6261-a05a-44fd-8246-000e1a3edbb9 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Personnel Security control | ||
| Additional metadata |
Name/Id: ACF1526 / Microsoft Managed Control 1526 Category: Personnel Security Title: Access Agreements - Develop Access Agreements Ownership: Customer, Microsoft Description: The organization: Develops and documents access agreements for organizational information systems; Requirements: Microsoft has developed and documented confidentiality and non-disclosure provisions for personnel requiring access to Azure in various roles. Before gaining access to information systems, Microsoft full time employees (FTEs) must sign the Employee Agreement (EA) which includes non-disclosure provisions and statements regarding information and asset protection responsibilities. This document also describes the penalties for the violation of these responsibilities. The annual fulfillment of the Security Foundations training course is signed by the employee and meets the requirements for the rules of behavior and access agreements. At the end of the Security Foundations course, the employee must check a box acknowledging that the employee has access to the Microsoft Policy and that the employee will abide by those policies. Third parties, such as subcontractors and vendors, must complete the Resource Access Agreements (RAA), the Email/Network & Cardkey Access Agreement (ECA), and the Contract Worker Agreement (CWA) that also includes non-disclosure provisions for Agency Temporary Workers (ATW). These documents are a part of the Master Supplier Services Agreement (MSSA). In addition, all Microsoft employees are required to sign paperwork acknowledging security training provided during the new hire orientation process. During this training, descriptions are given as to the responsibilities and expected behavior regarding information and information system usage. It is also communicated that security responsibilities extend outside of the work site and beyond the standard operating hours of their employment and continues for a defined period after employment ends. It is the duty of Microsoft personnel to be in compliance with regulatory mandates. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|