| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1169 - Continuous Monitoring | Trend Analyses | ||
| Id | e7ba2cb3-5675-4468-8b50-8486bdd998a5 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Security Assessment and Authorization control | ||
| Additional metadata |
Name/Id: ACF1169 / Microsoft Managed Control 1169 Category: Security Assessment and Authorization Title: Continuous Monitoring | Trend Analyses Ownership: Customer, Microsoft Description: The organization employs trend analyses to determine if security control implementations, the frequency of continuous monitoring activities, and/or the types of activities used in the continuous monitoring process need to be modified based on empirical data. Requirements: Azure combines analysis of the following sources: * Vulnerability scanning of operating systems, databases and web applications * Findings from Third Party Assessment Organization (3PAO) assessment activities * Security alerts and advisories Azure receives information system security alerts, advisories, and directives from several external organizations including US-CERT, customer incident reports, Microsoft Security Response Team and the Microsoft Security Response Center (MSRC). Customers can report security incidents at any time through the Azure Management Portal or via a twenty-four (24) hours a day, seven (7) days a week dedicated phone line that is available. The Security Response Team notifies service teams of security incidents which occur within the physical environment (i.e. datacenters and boundary network devices). MSRC notifies service teams around the latest security patches for Microsoft’s software platforms. MSRC publishes Security Bulletins and associated patches on the second Tuesday of every month except when MSRC determines that an out of band patch is required for addressing zero-day vulnerabilities. Azure uses trend analysis of these data sources to determine if changes are required to implementation of security controls, to continuous monitoring activities, or to the frequency with which continuous monitoring activities are carried out. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|