| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1144 - Security Assessments | ||
| Id | 2fa15ff1-a693-4ee4-b094-324818dc9a51 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Security Assessment and Authorization control | ||
| Cloud environments | AzureCloud = true AzureUSGovernment = true AzureChinaCloud = unknown |
||
| Available in AzUSGov | The Policy is available in AzureUSGovernment cloud. Version: '1.0.0' Repository: Azure-Policy 2fa15ff1-a693-4ee4-b094-324818dc9a51 |
||
| Additional metadata |
Name/Id: ACF1144 / Microsoft Managed Control 1144 Category: Security Assessment and Authorization Title: Security Assessments - Scope, Security Controls, And Assessment Prep Ownership: Customer, Microsoft Description: The organization: Develops a security assessment plan that describes the scope of the assessment including: Security controls and control enhancements under assessment; Assessment procedures to be used to determine security control effectiveness; and Assessment environment, assessment team, and assessment roles and responsibilities; Requirements: Microsoft utilizes the Third Party Assessment Organization (3PAO) to develop a Security Assessment Plan (SAP) as part of the assessment performed for the Azure offering. The SAP addresses the following objectives: * Scope of the assessment * Assessment approach and methodology * Assessment environment * Known constraints, assumptions and dependencies that may impact the assessment effort * Required resources for performing the assessment * Assessment schedule * Guidelines for evaluating and reporting the assessment findings * Security controls and control enhancements under assessment * Assessment procedures to be used to determine security control effectiveness The SAP is then reviewed and approved by Azure followed by a security assessment performed by the independent assessor. The SAP is based on NIST SP 800-53A Revision 4. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|