Source | Azure Portal
Display name | Microsoft Managed Control 1358 - Incident Response Testing
Id | effbaeef-5bf4-400d-895e-ef8cbc0e64c7
Version | 1.0.0
Versioning | Versions supported for Versioning: 0 Built-in Versioning [Preview]
Category | Regulatory Compliance
Description | Microsoft implements this Incident Response control
Additional metadata |
Name/Id: ACF1358 / Microsoft Managed Control 1358
Category: Incident Response
Title: Incident Response Testing
Ownership: Customer, Microsoft
Description: The organization tests the incident response capability for the information system at least every 6 months, using tests and exercises in accordance with NIST Special Publication 800-61, to determine the incident response effectiveness, and documents the results.
Requirements: Azure tests the incident management capability by using a process that is consistent with NIST Special Publication 800-61, Revision 2, Computer Security Incident Handling Guide. The Azure incident management capability is exercised by the Security Response Team on a regular basis as security incidents are identified and reported. In addition, Red Team exercises are utilized generally every two weeks to test and identify weaknesses in the incident management process. Lastly, regular mandatory exercises in coordination with contingency planning activities are performed at least annually. All issues and action items identified during the exercise are documented in an incident tracking system and worked on until resolved. During the post-exercise phase, lessons learned are discussed and incident management policies and procedures are updated accordingly. After the exercises, a post-exercise summary is documented. The post-exercise summary documents the incident ticket number, which details how Azure determined there was an incident all the way through the resolution of the incident. Each incident entry is documented in an incident tracking system, including identifying the personnel that made updates to the ticket. The Security Response Team regularly evaluates response methodology and tools to ensure optimal performance during incidents in Azure as part of the Post incident management (PIR) process.
Mode | Indexed
Type | Static
Preview | False
Deprecated | False
Effect | Fixed audit
RBAC role(s) | none
Rule aliases | none
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups
Compliance | The following 1 compliance control is associated with this Policy definition 'Microsoft Managed Control 1358 - Incident Response Testing' (effbaeef-5bf4-400d-895e-ef8cbc0e64c7)
Initiatives usage |
History | none
JSON compare | n/a
JSON |