| Source | Azure Portal | ||||||||||||||||||||||
| Display name | Microsoft Managed Control 1360 - Incident Handling | ||||||||||||||||||||||
| Id | be5b05e7-0b82-4ebc-9eda-25e447b1a41e | ||||||||||||||||||||||
| Version | 1.0.0 Details on versioning |
||||||||||||||||||||||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||||||||||||||||||||||
| Category | Regulatory Compliance Microsoft Learn |
||||||||||||||||||||||
| Description | Microsoft implements this Incident Response control | ||||||||||||||||||||||
| Additional metadata |
Name/Id: ACF1360 / Microsoft Managed Control 1360 Category: Incident Response Title: Incident Handling - Required Components Ownership: Customer, Microsoft Description: The organization: Implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery; Requirements: Azure implements a standardized incident handling framework derived from multiple incident handling methodologies including NIST SP 800-61 Rev. 2, Computer Security Incident Handling Guide, ISO/IEC 27035:2011, and the SANS Institute publication Computer Security Incident Handling. The Azure C+AI Incident Management process includes multiple stages throughout the resolution of an incident. Incidents may be managed with the Crisis Management or Security Customer Reportable Security or Privacy Incident sub-processes of the overarching Incident Management process. When incidents become triaged as a high severity event (Severity 1 or higher, Severity 0 being the highest) they are managed with the Customer Reportable Security or Privacy Incident sub-process. The process includes steps for preparation, detection and analysis, containment, eradication, and recovery and post-incident activity. Full investigations are conducted by the Security Response Team investigators and are overseen by a Security Incident Manager; this is accomplished through the forensic retrieval of data from affected assets and/or retrieval of relevant event data. Azure ensures individuals that are part of the Security Response Team meet personnel security requirements commensurate with the criticality and sensitivity of the information being processed, stored, and transmitted in Azure. Azure actively plans and implements sustainable security incident management capabilities. incident management activities are reviewed regularly and improvements for infrastructure protection are identified to improve incident management capabilities. Azure ensures individuals that are part of the Security Response Team meet personnel security requirements commensurate with the criticality and sensitivity of the information being processed, stored, and transmitted in Azure. Additionally, Azure reports confirmed security and availability incidents to DoD, US-CERT and affected customers in accordance with applicable policies and procedures. |
||||||||||||||||||||||
| Mode | Indexed | ||||||||||||||||||||||
| Type | Static | ||||||||||||||||||||||
| Preview | False | ||||||||||||||||||||||
| Deprecated | False | ||||||||||||||||||||||
| Effect | Fixed audit |
||||||||||||||||||||||
| RBAC role(s) | none | ||||||||||||||||||||||
| Rule aliases | none | ||||||||||||||||||||||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||||||||||||||||||||||
| Compliance |
The following 1 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1360 - Incident Handling' (be5b05e7-0b82-4ebc-9eda-25e447b1a41e)
| ||||||||||||||||||||||
| Initiatives usage |
|
||||||||||||||||||||||
| History | none | ||||||||||||||||||||||
| JSON compare | n/a | ||||||||||||||||||||||
| JSON |
|