| Source | Azure Portal | ||||||
| Display name | Microsoft Managed Control 1729 - Information Security Program Plan | ||||||
| Id | f5a44e7d-77a2-474e-b2e3-4e8c42ba514b | ||||||
| Version | 1.0.0 Details on versioning |
||||||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||||||
| Category | Regulatory Compliance Microsoft Learn |
||||||
| Description | Microsoft implements this Program Management control | ||||||
| Additional metadata |
Name/Id: ACF1729 / Microsoft Managed Control 1729 Category: Program Management Title: Information Security Program Plan - Overview of Requirements And Controls Ownership: Customer, Microsoft Description: The organization: Develops and disseminates an organization-wide information security program plan that: Provides an overview of the requirements for the security program and a description of the security program management controls and common controls in place or planned for meeting those requirements; Includes the identification and assignment of roles, responsibilities, management commitment, coordination among organizational entities, and compliance; Reflects coordination among organizational entities responsible for the different aspects of information security (i.e., technical, physical, personnel, cyber-physical); and Is approved by a senior official with responsibility and accountability for the risk being incurred to organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation; Requirements: The Azure System Security Plan (SSP) includes all controls in scope, as well as an overview of the requirements for the security program. The SSP includes responsible roles for each control, and is coordinated with all required service teams to ensure cross-organizational visibility and review. It is approved annually by the ISSO and is reviewed and updated at least annually. The Azure SSP is located in secure SharePoint sites to ensure appropriate access control. |
||||||
| Mode | Indexed | ||||||
| Type | Static | ||||||
| Preview | False | ||||||
| Deprecated | False | ||||||
| Effect | Fixed audit |
||||||
| RBAC role(s) | none | ||||||
| Rule aliases | none | ||||||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||||||
| Compliance | Not a Compliance control | ||||||
| Initiatives usage | none | ||||||
| History |
|
||||||
| JSON compare | n/a | ||||||
| JSON |
|