| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1158 - Security Authorization | ||
| Id | fff50cf2-28eb-45b4-b378-c99412688907 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Security Assessment and Authorization control | ||
| Additional metadata |
Name/Id: ACF1158 / Microsoft Managed Control 1158 Category: Security Assessment and Authorization Title: Security Authorization - Assignment Ownership: Customer, Microsoft Description: The organization: Assigns a senior-level executive or manager as the authorizing official for the information system; Requirements: Assessment and authorization activities follow established Federal processes as documented in NIST SP 800-37, Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems. As part of the Security Authorization process, the authorizing officials review the Azure Security Authorization package to understand the level of risk posed by vulnerabilities identified in the information system and determine whether to grant a provisional ATO. The explicit acceptance of the risk to customer agency operations, assets, and individuals is the responsibility of customer organizations. The customer must consider many factors, balancing security considerations with mission and operational needs. The customer issues an authorization decision for the information system after reviewing the authorization package submitted by the Azure System Owner. The authorization package provides the FedRAMP JAB, DISA/DoD authorizing officials, other regulators, and customers with the essential information needed to make a credible risk-based decision on whether to grant a P-ATO for the offerings and services that comprise Azure. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|