Source | Azure Portal
Display name | Microsoft Managed Control 1529 - Third-Party Personnel Security
Id | d74fdc92-1cb8-4a34-9978-8556425cd14c
Version | 1.0.0
Versioning | Versions supported for Versioning: 0
Category | Regulatory Compliance
Description | Microsoft implements this Personnel Security control
Additional metadata |
Name/Id: ACF1529 / Microsoft Managed Control 1529
Category: Personnel Security
Title: Third-Party Personnel Security - Establish Security Requirements for Third-Party Providers
Ownership: Customer, Microsoft
Description: The organization: Establishes personnel security requirements including security roles and responsibilities for third-party providers;
Requirements: Personnel security requirements, including security roles and responsibilities for third-party providers, are established by requiring them to comply with the Microsoft Information Security Policy. This includes personnel located at Microsoft subsidiaries and locations not owned by Microsoft, such as off-site facilities. Any third-party personnel with access to Azure must pass the same personnel screening process for the requirements established for the risk categorization of their role.
In all contracts, Microsoft includes provisions to ensure that third-party providers meet or exceed the personnel security requirements mandated by Microsoft. This includes the ability to successfully pass the Microsoft background check, or equivalent, as well as obtain and maintain additional clearances if the specific project requires it.
Third-party providers that have access to the are subject to the same personnel screening requirements as Microsoft personnel working on Azure services for U.S. Government customers, including Federal background investigations. Vendors and subcontractors that require logical access to Federal customer data, or physical access to controlled facilities that house Federal customer data (other than on an occasional or intermittent basis) for the Azure service are required to successfully complete Federal adjudicated background investigations.
Should a vendor or subcontractor require physical access to controlled facilities that contain customer data, a cleared/authorized individual is provided as an escort and must accompany the vendor or subcontractor at all times while in the secured location.
Mode | Indexed
Type | Static
Preview | False
Deprecated | False
Effect | Fixed audit
RBAC role(s) | none
Rule aliases | none
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups
Compliance | Not a Compliance control
Initiatives usage | none
History | none
JSON compare | n/a