AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Assign risk designations | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Assign risk designations
Id b7897ddc-9716-2460-96f7-7757ad038cc4
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_0016 - Assign risk designations
Additional metadata Name/Id: CMA_0016 / CMA_0016
Category: Operational
Title: Assign risk designations
Ownership: Customer
Description: Microsoft recommends that your organization assign risk designations and associated screening criteria to all positions of organizational personnel that are consistent with the organizations internal policies and procedures. Your organization should consider creating and maintaining Personnel Security policies and standard operating procedures that include a process for assigning risk designations and screening criteria to all positions within your organization that are consistent with your organization's internal policies and procedures. It is also recommended to plan for the succession of key personnel who have a high-risk designation. Your organization should also consider reviewing and updating position risk designations at an organization-defined frequency.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 6 compliance controls are associated with this Policy definition 'Assign risk designations' (b7897ddc-9716-2460-96f7-7757ad038cc4)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 PS-2 FedRAMP_High_R4_PS-2 FedRAMP High PS-2 Personnel Security Position Risk Designation Shared n/a The organization: a. Assigns a risk designation to all organizational positions; b. Establishes screening criteria for individuals filling those positions; and c. Reviews and updates position risk designations [Assignment: organization-defined frequency]. Supplemental Guidance: Position risk designations reflect Office of Personnel Management policy and guidance. Risk designations can guide and inform the types of authorizations individuals receive when accessing organizational information and information systems. Position screening criteria include explicit information security role appointment requirements (e.g., training, security clearances). Related controls: AT-3, PL-2, PS-3. Control Enhancements: None. References: 5 C.F.R. 731.106(a). link 1
FedRAMP_Moderate_R4 PS-2 FedRAMP_Moderate_R4_PS-2 FedRAMP Moderate PS-2 Personnel Security Position Risk Designation Shared n/a The organization: a. Assigns a risk designation to all organizational positions; b. Establishes screening criteria for individuals filling those positions; and c. Reviews and updates position risk designations [Assignment: organization-defined frequency]. Supplemental Guidance: Position risk designations reflect Office of Personnel Management policy and guidance. Risk designations can guide and inform the types of authorizations individuals receive when accessing organizational information and information systems. Position screening criteria include explicit information security role appointment requirements (e.g., training, security clearances). Related controls: AT-3, PL-2, PS-3. Control Enhancements: None. References: 5 C.F.R. 731.106(a). link 1
hipaa 0105.02a2Organizational.1-02.a hipaa-0105.02a2Organizational.1-02.a 0105.02a2Organizational.1-02.a 01 Information Protection Program 0105.02a2Organizational.1-02.a 02.01 Prior to Employment Shared n/a Risk designations are assigned for all positions within the organization as appropriate, with commensurate screening criteria, and reviewed/revised every 365 days. 6
NIST_SP_800-53_R4 PS-2 NIST_SP_800-53_R4_PS-2 NIST SP 800-53 Rev. 4 PS-2 Personnel Security Position Risk Designation Shared n/a The organization: a. Assigns a risk designation to all organizational positions; b. Establishes screening criteria for individuals filling those positions; and c. Reviews and updates position risk designations [Assignment: organization-defined frequency]. Supplemental Guidance: Position risk designations reflect Office of Personnel Management policy and guidance. Risk designations can guide and inform the types of authorizations individuals receive when accessing organizational information and information systems. Position screening criteria include explicit information security role appointment requirements (e.g., training, security clearances). Related controls: AT-3, PL-2, PS-3. Control Enhancements: None. References: 5 C.F.R. 731.106(a). link 1
NIST_SP_800-53_R5 PS-2 NIST_SP_800-53_R5_PS-2 NIST SP 800-53 Rev. 5 PS-2 Personnel Security Position Risk Designation Shared n/a a. Assign a risk designation to all organizational positions; b. Establish screening criteria for individuals filling those positions; and c. Review and update position risk designations [Assignment: organization-defined frequency]. link 1
op.pl.1 Risk analysis op.pl.1 Risk analysis 404 not found n/a n/a 70
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add b7897ddc-9716-2460-96f7-7757ad038cc4
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC