| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1161 - Continuous Monitoring | ||
| Id | e2f8f6c6-dde4-436b-a79d-bc50e129eb3a | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Security Assessment and Authorization control | ||
| Additional metadata |
Name/Id: ACF1161 / Microsoft Managed Control 1161 Category: Security Assessment and Authorization Title: Continuous Monitoring - Metrics Monitored Ownership: Customer, Microsoft Description: The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: Establishment of Rate of closure/remediation of POA&Ms and high vulnerabilities to be monitored; Requirements: As part of the configuration management process, a Security Impact Analysis (SIA) and Business Impact Analysis (BIA) are performed on Azure for all changes. Deficiencies to the system are documented in the SSP and SAR that are included in the Security Authorization Package. As part of continuous monitoring, Azure documents such as the SSP, SAR and POA&M are updated to reflect any newly identified or remediated security issues. Additionally, Azure tracks through closure all vulnerabilities identified using the vulnerability scanning processes described in RA-05. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|