AzPolicyAdvertizer

last sync: 2025-May-16 17:48:43 UTC

Adjust level of audit review, analysis, and reporting | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Adjust level of audit review, analysis, and reporting

de251b09-4a5e-1204-4bef-62ac58d47999

Version

1.1.0
Details on versioning

Versioning

Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]

Category

Regulatory Compliance
Microsoft Learn

Description

CMA_C1123 - Adjust level of audit review, analysis, and reporting

Cloud environments

AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown

Available in AzUSGov

The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'

Additional metadata

Name/Id: CMA_C1123 / CMA_C1123
Category: Operational
Title: Adjust level of audit review, analysis, and reporting
Ownership: Customer
Description: The customer is responsible for adjusting the level of audit review, analysis, and reporting for customer-deployed resources when there is a change in risk based on information provided by law enforcement, intelligence, or other credible sources.
Requirements: The customer is responsible for implementing this recommendation.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)

Microsoft.Resources/subscriptions

Compliance

The following 5 compliance controls are associated with this Policy definition 'Adjust level of audit review, analysis, and reporting' (de251b09-4a5e-1204-4bef-62ac58d47999)

Rows: 1-5 / 5
Columns:
Select all:
Control Domain
Control
Name
MetadataId
Category
Title
Owner
Requirements
Description
Info
Policy#
Close
Columns▼Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, **[empty]**, **[nonempty]**, **rgx:**
Learn more
TableFilter v0.7.3
https://www.tablefilter.com/
©2015-2025 Max Guglielmi
Close
?
Page of 1
Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#

FedRAMP_High_R4	AU-6(10)	FedRAMP_High_R4_AU-6(10)	FedRAMP High AU-6 (10)	Audit And Accountability	Audit Level Adjustment	Shared	n/a	The organization adjusts the level of audit review, analysis, and reporting within the information system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information. Supplemental Guidance: The frequency, scope, and/or depth of the audit review, analysis, and reporting may be adjusted to meet organizational needs based on new information received.	link	1
hipaa	0202.09j1Organizational.3-09.j	hipaa-0202.09j1Organizational.3-09.j	0202.09j1Organizational.3-09.j	02 Endpoint Protection	0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code	Shared	n/a	Audit logs of the scans are maintained.		15
hipaa	12101.09ab1Organizational.3-09.ab	hipaa-12101.09ab1Organizational.3-09.ab	12101.09ab1Organizational.3-09.ab	12 Audit Logging & Monitoring	12101.09ab1Organizational.3-09.ab 09.10 Monitoring	Shared	n/a	The organization specifies how often audit logs are reviewed, how the reviews are documented, and the specific roles and responsibilities of the personnel conducting the reviews, including the professional certifications or other qualifications required.		18
ISO27001-2013	C.9.2.e	ISO27001-2013_C.9.2.e	ISO 27001:2013 C.9.2.e	Performance Evaluation	Internal audit	Shared	n/a	The organization shall conduct internal audits at planned intervals to provide information on whether the information security management system: e) select auditors and conduct audits that ensure objectivity and the impartiality of the audit process.	link	5
NIST_SP_800-53_R4	AU-6(10)	NIST_SP_800-53_R4_AU-6(10)	NIST SP 800-53 Rev. 4 AU-6 (10)	Audit And Accountability	Audit Level Adjustment	Shared	n/a	The organization adjusts the level of audit review, analysis, and reporting within the information system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information. Supplemental Guidance: The frequency, scope, and/or depth of the audit review, analysis, and reporting may be adjusted to meet organizational needs based on new information received.	link	1

Initiatives usage

Rows: 1-4 / 4
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, **[empty]**, **[nonempty]**, **rgx:**
Learn more
TableFilter v0.7.3
https://www.tablefilter.com/
©2015-2025 Max Guglielmi
Close
?
Page of 1
Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov

FedRAMP High	d5264498-16f4-418a-b659-fa7ef418175f	Regulatory Compliance	GA	BuiltIn	true
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA	BuiltIn	unknown
ISO 27001:2013	89c6cddc-1c73-4ac1-b19c-54d1a15a42f2	Regulatory Compliance	GA	BuiltIn	true
NIST SP 800-53 Rev. 4	cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f	Regulatory Compliance	GA	BuiltIn	true

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40	add	de251b09-4a5e-1204-4bef-62ac58d47999

JSON compare

compare mode: version left: version right:

1.0.0 → 1.1.0 RENAMED Viewed

@@ -3,9 +3,9 @@
     "policyType": "BuiltIn",
     "mode": "All",
     "description": "CMA_C1123 - Adjust level of audit review, analysis, and reporting",
     "metadata": {
-        "version": "1.0.0",
         "category": "Regulatory Compliance",
         "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1123"
     },
     "parameters": {
@@ -29,9 +29,9 @@
         },
         "then": {
             "effect": "[parameters('effect')]",
             "details": {
-                "defaultState": "NonCompliant"
             }
         }
     }
 }

     "policyType": "BuiltIn",
     "mode": "All",
     "description": "CMA_C1123 - Adjust level of audit review, analysis, and reporting",
     "metadata": {
+        "version": "1.1.0",
         "category": "Regulatory Compliance",
         "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1123"
     },
     "parameters": {
         },
         "then": {
             "effect": "[parameters('effect')]",
             "details": {
+                "defaultState": "Unknown"
             }
         }
     }
 }

JSON

api-version=2021-06-01
EPAC

{7 itemsdisplayName: "Adjust level of audit review, analysis, and reporting",
policyType: "BuiltIn",
mode: "All",
description: "CMA_C1123 - Adjust level of audit review, analysis, and reporting",
metadata: {3 itemsversion: "1.1.0",
category: "Regulatory Compliance",
additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/CMA_C1123"
},
parameters: {1 itemeffect: {4 itemstype: "String",
metadata: {2 itemsdisplayName: "Effect",
description: "Enable or disable the execution of the policy"
},
allowedValues: [2 items"Manual",
"Disabled"
],
defaultValue: "Manual"
}
},
policyRule: {2 itemsif: {2 itemsfield: "type",
equals: "Microsoft.Resources/subscriptions"
},
then: {2 itemseffect: "[parameters('effect')]",
details: {1 itemdefaultState: "Unknown"
}
}
}
}

Adjust level of audit review, analysis, and reporting | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

TableFilter v0.7.3

TableFilter v0.7.3