AzPolicyAdvertizer

last sync: 2025-Jun-20 17:23:43 UTC

Provide audit review, analysis, and reporting capability | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Provide audit review, analysis, and reporting capability

44f8a42d-739f-8030-89a8-4c2d5b3f6af3

Version

1.1.0
Details on versioning

Versioning

Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]

Category

Regulatory Compliance
Microsoft Learn

Description

CMA_C1124 - Provide audit review, analysis, and reporting capability

Cloud environments

AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown

Available in AzUSGov

Unknown, no evidence if Policy definition is/not available in AzureUSGovernment

Additional metadata

Name/Id: CMA_C1124 / CMA_C1124
Category: Operational
Title: Provide audit review, analysis, and reporting capability
Ownership: Customer
Description: The customer is responsible for providing an audit reduction and report generation capability for customer-deployed resources, including the support of on-demand audit review, analysis, and reporting requirements, and after-the-fact investigations of security incidents.
Requirements: The customer is responsible for implementing this recommendation.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)

Microsoft.Resources/subscriptions

Compliance

The following 8 compliance controls are associated with this Policy definition 'Provide audit review, analysis, and reporting capability' (44f8a42d-739f-8030-89a8-4c2d5b3f6af3)

Rows: 1-8 / 8
Columns:
Select all:
Control Domain
Control
Name
MetadataId
Category
Title
Owner
Requirements
Description
Info
Policy#
Close
Columns▼Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, **[empty]**, **[nonempty]**, **rgx:**
Learn more
TableFilter v0.7.3
https://www.tablefilter.com/
©2015-2025 Max Guglielmi
Close
?
Page of 1
Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#

FedRAMP_High_R4	AU-7	FedRAMP_High_R4_AU-7	FedRAMP High AU-7	Audit And Accountability	Audit Reduction And Report Generation	Shared	n/a	The information system provides an audit reduction and report generation capability that: a. Supports on-demand audit review, analysis, and reporting requirements and after-the-fact investigations of security incidents; and b. Does not alter the original content or time ordering of audit records. Supplemental Guidance: Audit reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit reduction and report generation capabilities do not always emanate from the same information system or from the same organizational entities conducting auditing activities. Audit reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. The report generation capability provided by the information system can generate customizable reports. Time ordering of audit records can be a significant issue if the granularity of the timestamp in the record is insufficient. Related control: AU-6. References: None.	link	2
FedRAMP_Moderate_R4	AU-7	FedRAMP_Moderate_R4_AU-7	FedRAMP Moderate AU-7	Audit And Accountability	Audit Reduction And Report Generation	Shared	n/a	The information system provides an audit reduction and report generation capability that: a. Supports on-demand audit review, analysis, and reporting requirements and after-the-fact investigations of security incidents; and b. Does not alter the original content or time ordering of audit records. Supplemental Guidance: Audit reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit reduction and report generation capabilities do not always emanate from the same information system or from the same organizational entities conducting auditing activities. Audit reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. The report generation capability provided by the information system can generate customizable reports. Time ordering of audit records can be a significant issue if the granularity of the timestamp in the record is insufficient. Related control: AU-6. References: None.	link	2
hipaa	1205.09aa2System.1-09.aa	hipaa-1205.09aa2System.1-09.aa	1205.09aa2System.1-09.aa	12 Audit Logging & Monitoring	1205.09aa2System.1-09.aa 09.10 Monitoring	Shared	n/a	Logs of messages sent and received are maintained including the date, time, origin and destination of the message, but not its contents.		6
hipaa	1215.09ab2System.7-09.ab	hipaa-1215.09ab2System.7-09.ab	1215.09ab2System.7-09.ab	12 Audit Logging & Monitoring	1215.09ab2System.7-09.ab 09.10 Monitoring	Shared	n/a	Auditing and monitoring systems employed by the organization support audit reduction and report generation.		3
hipaa	1219.09ab3System.10-09.ab	hipaa-1219.09ab3System.10-09.ab	1219.09ab3System.10-09.ab	12 Audit Logging & Monitoring	1219.09ab3System.10-09.ab 09.10 Monitoring	Shared	n/a	The information system is able to automatically process audit records for events of interest based on selectable criteria.		4
NIST_SP_800-171_R2_3	.3.6	NIST_SP_800-171_R2_3.3.6	NIST SP 800-171 R2 3.3.6	Audit and Accountability	Provide audit record reduction and report generation to support on-demand analysis and reporting.	Shared	Microsoft and the customer share responsibilities for implementing this requirement.	Audit record reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit record reduction and report generation capabilities do not always emanate from the same system or organizational entities conducting auditing activities. Audit record reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. The report generation capability provided by the system can help generate customizable reports. Time ordering of audit records can be a significant issue if the granularity of the time stamp in the record is insufficient.	link	7
NIST_SP_800-53_R4	AU-7	NIST_SP_800-53_R4_AU-7	NIST SP 800-53 Rev. 4 AU-7	Audit And Accountability	Audit Reduction And Report Generation	Shared	n/a	The information system provides an audit reduction and report generation capability that: a. Supports on-demand audit review, analysis, and reporting requirements and after-the-fact investigations of security incidents; and b. Does not alter the original content or time ordering of audit records. Supplemental Guidance: Audit reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit reduction and report generation capabilities do not always emanate from the same information system or from the same organizational entities conducting auditing activities. Audit reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. The report generation capability provided by the information system can generate customizable reports. Time ordering of audit records can be a significant issue if the granularity of the timestamp in the record is insufficient. Related control: AU-6. References: None.	link	2
NIST_SP_800-53_R5	AU-7	NIST_SP_800-53_R5_AU-7	NIST SP 800-53 Rev. 5 AU-7	Audit and Accountability	Audit Record Reduction and Report Generation	Shared	n/a	Provide and implement an audit record reduction and report generation capability that: a. Supports on-demand audit record review, analysis, and reporting requirements and after-the-fact investigations of incidents; and b. Does not alter the original content or time ordering of audit records.	link	2

Initiatives usage

Rows: 1-6 / 6
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, **[empty]**, **[nonempty]**, **rgx:**
Learn more
TableFilter v0.7.3
https://www.tablefilter.com/
©2015-2025 Max Guglielmi
Close
?
Page of 1
Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov

FedRAMP High	d5264498-16f4-418a-b659-fa7ef418175f	Regulatory Compliance	GA	BuiltIn	true
FedRAMP Moderate	e95f5a9f-57ad-4d03-bb0b-b1d16db93693	Regulatory Compliance	GA	BuiltIn	true
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA	BuiltIn	unknown
NIST SP 800-171 Rev. 2	03055927-78bd-4236-86c0-f36125a10dc9	Regulatory Compliance	GA	BuiltIn	true
NIST SP 800-53 Rev. 4	cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f	Regulatory Compliance	GA	BuiltIn	true
NIST SP 800-53 Rev. 5	179d1daa-458f-4e47-8086-2a68d0d6c38f	Regulatory Compliance	GA	BuiltIn	true

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29	add	44f8a42d-739f-8030-89a8-4c2d5b3f6af3

JSON compare

compare mode: version left: version right:

1.0.0 → 1.1.0 RENAMED Viewed

@@ -3,9 +3,9 @@
     "policyType": "BuiltIn",
     "mode": "All",
     "description": "CMA_C1124 - Provide audit review, analysis, and reporting capability",
     "metadata": {
-        "version": "1.0.0",
         "category": "Regulatory Compliance",
         "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1124"
     },
     "parameters": {
@@ -29,9 +29,9 @@
         },
         "then": {
             "effect": "[parameters('effect')]",
             "details": {
-                "defaultState": "NonCompliant"
             }
         }
     }
 }

     "policyType": "BuiltIn",
     "mode": "All",
     "description": "CMA_C1124 - Provide audit review, analysis, and reporting capability",
     "metadata": {
+        "version": "1.1.0",
         "category": "Regulatory Compliance",
         "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1124"
     },
     "parameters": {
         },
         "then": {
             "effect": "[parameters('effect')]",
             "details": {
+                "defaultState": "Unknown"
             }
         }
     }
 }

JSON

api-version=2021-06-01
EPAC

{7 itemsdisplayName: "Provide audit review, analysis, and reporting capability",
policyType: "BuiltIn",
mode: "All",
description: "CMA_C1124 - Provide audit review, analysis, and reporting capability",
metadata: {3 itemsversion: "1.1.0",
category: "Regulatory Compliance",
additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1124"
},
parameters: {1 itemeffect: {4 itemstype: "String",
metadata: {2 itemsdisplayName: "Effect",
description: "Enable or disable the execution of the policy"
},
allowedValues: [2 items"Manual",
"Disabled"
],
defaultValue: "Manual"
}
},
policyRule: {2 itemsif: {2 itemsfield: "type",
equals: "Microsoft.Resources/subscriptions"
},
then: {2 itemseffect: "[parameters('effect')]",
details: {1 itemdefaultState: "Unknown"
}
}
}
}

Provide audit review, analysis, and reporting capability | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

TableFilter v0.7.3

TableFilter v0.7.3